Fix for "Record of death" vulnerability CVE-2010-0740.
[openssl.git] / ssl / s3_pkt.c
index da63e50aed237fc5a51621fcce3a6da6fca99b28..b30c032b74e01c316f145a3ccab4975dde34e7c4 100644 (file)
@@ -330,16 +330,16 @@ again:
 #if 0
 fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 #endif
-fprintf(stderr, "RX version %x, Expecting %x\n", version, s->version);
+
                /* Lets check version */
                if (!s->first_packet)
                        {
                        if (version != s->version)
                                {
                                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                               /* Send back error using their
-                                * version number :-) */
-                               s->version=version;
+                                if ((s->version & 0xFF00) == (version & 0xFF00))
+                                       /* Send back error using their minor version number :-) */
+                                       s->version = (unsigned short)version;
                                al=SSL_AD_PROTOCOL_VERSION;
                                goto f_err;
                                }
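Review bot: The new guard `if ((s->version & 0xFF00) == (version & 0xFF00))` has an unbraced single-statement body with a comment sitting between the condition and the assignment, which is the shape that invites a misplaced-statement bug on the next edit; brace it: `if ((s->version & 0xFF00) == (version & 0xFF00)) {` / `/* Send back error using their minor version number :-) */` / `s->version = (unsigned short)version; }`. The remaining write to s->version on this error path is still a state change driven by the peer-supplied `version` value (presumably parsed from the record header outside the hunk), now limited to the low byte; if the intent is that an unchanged major byte keeps the method-specific code paths consistent, a one-line comment stating that invariant next to the 0xFF00 mask would make the reason for the narrowing clear. The enclosing function starts and ends outside the hunk, so whether `version` is range-checked before this point cannot be confirmed here.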
@@ -736,7 +736,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 
        *(p++)=(s->version>>8);
        *(p++)=s->version&0xff;
-fprintf(stderr, "Wrote version %x\n", s->version);
+
        /* field where we are to write out packet length */
        plen=p; 
        p+=2;