authorsimon <simon@FreeBSD.org>2010-04-01 15:19:51 +0000
committersimon <simon@FreeBSD.org>2010-04-01 15:19:51 +0000
commit2176e0cd52d68263d3d2ff39461442b734360fe1 (patch)
tree9b9ed316e70ff8c7ea71526ab69ab131960e8b72 /crypto/openssl/ssl/s3_pkt.c
parent348853b7ae1be0b9abbde8c1b0ad8dcb786a2cb7 (diff)
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches. I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further. Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt
Diffstat (limited to 'crypto/openssl/ssl/s3_pkt.c')
-rw-r--r--crypto/openssl/ssl/s3_pkt.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index a2ba574..5e3583c 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -291,9 +291,9 @@ again:
if (version != s->version)
{
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- /* Send back error using their
- * version number :-) */
- s->version=version;
+ if ((s->version & 0xFF00) == (version & 0xFF00))
+ /* Send back error using their minor version number :-) */
+ s->version = (unsigned short)version;
al=SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
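Review bot: The new guard before `s->version = (unsigned short)version;` is an unbraced `if` with a comment sitting between the condition and its single statement, so it is easy to misread which of the following lines (`al=SSL_AD_PROTOCOL_VERSION;`, `goto f_err;`) are conditional, and a later edit could silently change that. I would brace the assignment and move the comment above the `if`, expanding it to say why: `/* version comes from the peer's record header; adopt it for the alert only when the major byte matches ours */`. The comment as written still reads as a joke about the minor number and does not record that the value is untrusted, which appears to be the point of the fix given that the commit message cites CVE-2010-0740. The `0xFF00` mask is also used twice as a bare constant; a named macro for the major-version byte would make the check self-describing. The enclosing function starts and ends outside this hunk, so the declared type of `version` and the handling at `f_err` cannot be checked from here.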