Fix SSL 2.0 rollback checking: The previous implementation of the

[openssl.git] / ssl / s23_srvr.c

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 5b38f9e285fd7922ba299a47b807ff7622a6e468..cbf2f5d836f189be840273af9d7e2aaaa6ef8d6a 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -206,8 +206,11 @@ int ssl23_get_client_hello(SSL *s)
        unsigned int i;
        unsigned int csl,sil,cl;
        int n=0,j;
-       int type=0,use_sslv2_strong=0;
+       int type=0;
        int v[2];
+#ifndef NO_RSA
+       int use_sslv2_strong=0;
+#endif
 
        if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
                {
@@ -294,7 +297,7 @@ int ssl23_get_client_hello(SSL *s)
                                        if (n <= 0) return(n);
                                        p=s->packet;
 
-                                       if ((buf=Malloc(n)) == NULL)
+                                       if ((buf=OPENSSL_malloc(n)) == NULL)
                                                {
                                                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
                                                goto err;
@@ -492,7 +495,8 @@ int ssl23_get_client_hello(SSL *s)
 
                s->state=SSL2_ST_GET_CLIENT_HELLO_A;
                if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-                       use_sslv2_strong)
+                       use_sslv2_strong ||
+                       (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
                        s->s2->ssl2_rollback=0;
                else
                        s->s2->ssl2_rollback=1;
@@ -556,10 +560,10 @@ int ssl23_get_client_hello(SSL *s)
                }
        s->init_num=0;
 
-       if (buf != buf_space) Free(buf);
+       if (buf != buf_space) OPENSSL_free(buf);
        s->first_packet=1;
        return(SSL_accept(s));
 err:
-       if (buf != buf_space) Free(buf);
+       if (buf != buf_space) OPENSSL_free(buf);
        return(-1);
        }