diff options
author | kris <kris@FreeBSD.org> | 2000-11-13 02:20:29 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-11-13 02:20:29 +0000 |
commit | 76c54c9ba38450a69a291e1a8616ef6e229043ef (patch) | |
tree | c19c2ee5abe6e2e8f31ea9f0df8dc01f357bb10a /crypto/openssl/ssl/s23_srvr.c | |
parent | f6480205844e67624afaf36e515671962f3ff825 (diff) | |
download | FreeBSD-src-76c54c9ba38450a69a291e1a8616ef6e229043ef.zip FreeBSD-src-76c54c9ba38450a69a291e1a8616ef6e229043ef.tar.gz |
Resolve conflicts, and garbage collect some local changes that are no
longer required
Diffstat (limited to 'crypto/openssl/ssl/s23_srvr.c')
-rw-r--r-- | crypto/openssl/ssl/s23_srvr.c | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index c1c2e9d..2dbf614 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c @@ -299,7 +299,7 @@ int ssl23_get_client_hello(SSL *s) if (n <= 0) return(n); p=s->packet; - if ((buf=Malloc(n)) == NULL) + if ((buf=OPENSSL_malloc(n)) == NULL) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); goto err; @@ -350,16 +350,21 @@ int ssl23_get_client_hello(SSL *s) * SSLv3 or tls1 header */ - v[0]=p[1]; /* major version */ + v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ /* We must look at client_version inside the Client Hello message - * to get the correct minor version: */ - v[1]=p[10]; - /* However if we have only a pathologically small fragment of the - * Client Hello message, we simply use the version from the - * record header -- this is incorrect but unlikely to fail in - * practice */ + * to get the correct minor version. + * However if we have only a pathologically small fragment of the + * Client Hello message, this would be difficult, we'd have + * to read at least one additional record to find out. + * This doesn't usually happen in real life, so we just complain + * for now. + */ if (p[3] == 0 && p[4] < 6) - v[1]=p[2]; + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); + goto err; + } + v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) @@ -497,9 +502,12 @@ int ssl23_get_client_hello(SSL *s) s->state=SSL2_ST_GET_CLIENT_HELLO_A; if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong) + use_sslv2_strong || + (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) s->s2->ssl2_rollback=0; else + /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 + * (SSL 3.0 draft/RFC 2246, App. E.2) */ s->s2->ssl2_rollback=1; /* setup the n bytes we have read so we get them from @@ -561,10 +569,10 @@ int ssl23_get_client_hello(SSL *s) } s->init_num=0; - if (buf != buf_space) Free(buf); + if (buf != buf_space) OPENSSL_free(buf); s->first_packet=1; return(SSL_accept(s)); err: - if (buf != buf_space) Free(buf); + if (buf != buf_space) OPENSSL_free(buf); return(-1); } |