X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs23_srvr.c;h=a81544a1b62a99a15f54cfa2960ca97d3bb6580a;hp=65b46ed7b00a714540763325685e711a73886b53;hb=aa826d88e196ec13e1df4aeb2a55b8ea579aba60;hpb=657e60fa00ddde3618600d6306be913214d30457 diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 65b46ed7b0..a81544a1b6 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -189,9 +189,10 @@ end: int ssl23_get_client_hello(SSL *s) { char buf_space[11]; /* Request this many bytes in initial read. - * We can detect SSL 3.0/TLS 1.0 Client Hellos only - * when the following is in a single record - * (not guaranteed by protocol specs): + * We can detect SSL 3.0/TLS 1.0 Client Hellos + * ('type == 3') correctly only when the following + * is in a single record, which is not guaranteed by + * the protocol specification: * Byte Content * 0 type \ * 1/2 version > record header @@ -205,8 +206,11 @@ int ssl23_get_client_hello(SSL *s) unsigned int i; unsigned int csl,sil,cl; int n=0,j; - int type=0,use_sslv2_strong=0; + int type=0; int v[2]; +#ifndef NO_RSA + int use_sslv2_strong=0; +#endif if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { @@ -277,6 +281,7 @@ int ssl23_get_client_hello(SSL *s) * throw this away and implement it in a way * that makes sense */ { +#if 0 STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; int ne2,ne3; @@ -292,7 +297,7 @@ int ssl23_get_client_hello(SSL *s) if (n <= 0) return(n); p=s->packet; - if ((buf=Malloc(n)) == NULL) + if ((buf=OPENSSL_malloc(n)) == NULL) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); goto err; @@ -326,20 +331,33 @@ int ssl23_get_client_hello(SSL *s) goto next_bit; } } +#else + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION); + goto err; +#endif } } } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && (p[5] == SSL3_MT_CLIENT_HELLO) && - (p[9] == p[1])) + ((p[3] == 0 && p[4] < 5 /* silly record length? */) + || (p[9] == p[1]))) { /* * SSLv3 or tls1 header */ - /* we must look at client_version inside the client hello: */ - v[0]=p[9]; v[1]=p[10]; + v[0]=p[1]; /* major version */ + /* We must look at client_version inside the Client Hello message + * to get the correct minor version: */ + v[1]=p[10]; + /* However if we have only a pathologically small fragment of the + * Client Hello message, we simply use the version from the + * record header -- this is incorrect but unlikely to fail in + * practice */ + if (p[3] == 0 && p[4] < 6) + v[1]=p[2]; if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) @@ -374,7 +392,6 @@ int ssl23_get_client_hello(SSL *s) } } -next_bit: if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header @@ -478,9 +495,12 @@ next_bit: s->state=SSL2_ST_GET_CLIENT_HELLO_A; if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong) + use_sslv2_strong || + (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) s->s2->ssl2_rollback=0; else + /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 + * (SSL 3.0 draft/RFC 2246, App. E.2) */ s->s2->ssl2_rollback=1; /* setup the n bytes we have read so we get them from @@ -542,10 +562,10 @@ next_bit: } s->init_num=0; - if (buf != buf_space) Free(buf); + if (buf != buf_space) OPENSSL_free(buf); s->first_packet=1; return(SSL_accept(s)); err: - if (buf != buf_space) Free(buf); + if (buf != buf_space) OPENSSL_free(buf); return(-1); }