Fix horrible (and hard to track down) bug in ssl23_get_client_hello:

[openssl.git] / ssl / s23_srvr.c

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 982536706214433284cd8c53ae6ed61ed5ce2474..1a9e5fd867066bc670d2a05e673596c4d7015e2a 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -69,7 +69,7 @@ static SSL_METHOD *ssl23_get_server_method(int ver)
        {
        if (ver == SSL2_VERSION)
                return(SSLv2_server_method());
-       else if (ver == SSL3_VERSION)
+       if (ver == SSL3_VERSION)
                return(SSLv3_server_method());
        else if (ver == TLS1_VERSION)
                return(TLSv1_server_method());
@@ -195,10 +195,11 @@ int ssl23_get_client_hello(SSL *s)
        int type=0,use_sslv2_strong=0;
        int v[2];
 
-       /* read the initial header */
-       v[0]=v[1]=0;
        if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
                {
+               /* read the initial header */
+               v[0]=v[1]=0;
+
                if (!ssl3_setup_buffers(s)) goto err;
 
                n=ssl23_read_bytes(s,7);
@@ -244,6 +245,7 @@ int ssl23_get_client_hello(SSL *s)
                                        type=1;
 
                                if (s->options & SSL_OP_NON_EXPORT_FIRST)
+                                       /* not only confusing, but broken! */
                                        {
                                        STACK_OF(SSL_CIPHER) *sk;
                                        SSL_CIPHER *c;
@@ -337,6 +339,8 @@ next_bit:
                /* we have a SSLv3/TLSv1 in a SSLv2 header */
                type=2;
                p=s->packet;
+               v[0] = p[3];
+               v[1] = p[4];
                n=((p[0]&0x7f)<<8)|p[1];
                if (n > (1024*4))
                        {