bugfix: handle HelloRequest received during handshake correctly

author: Bodo Möller <bodo@openssl.org> 2001-09-21 11:18:40 +0000
committer: Bodo Möller <bodo@openssl.org> 2001-09-21 11:18:40 +0000
commit: 3b0b5abae3183c495dd6f46ad92490236a06a563 (patch)
tree: 68ccc86c7d1b97fac0ec1a8147303a2e12226ec4
parent: b49124f6d9b5996f681018b2b4318f0fd88add77 (diff)
download: openssl-3b0b5abae3183c495dd6f46ad92490236a06a563.tar.gz
2 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index c69a760683..be6cfb184a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,10 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+     client receives HelloRequest while in a handshake.
+     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
+
   +) New function SSL_renegotiate_pending().  This returns true once
      renegotiation has been requested (either SSL_renegotiate() call
      or HelloRequest/ClientHello receveived from the peer) and becomes
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 68ddb143da..21531d5dbe 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -387,7 +387,11 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 					 * if their format is correct. Does not count for
 					 * 'Finished' MAC. */
 					if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+						{
+						s->init_num = 0;
 						skip_message = 1;
+						}
+			
 			}
 		while (skip_message);
author	Bodo Möller <bodo@openssl.org>	2001-09-21 11:18:40 +0000
committer	Bodo Möller <bodo@openssl.org>	2001-09-21 11:18:40 +0000
commit	3b0b5abae3183c495dd6f46ad92490236a06a563 (patch)
tree	68ccc86c7d1b97fac0ec1a8147303a2e12226ec4
parent	b49124f6d9b5996f681018b2b4318f0fd88add77 (diff)
download	openssl-3b0b5abae3183c495dd6f46ad92490236a06a563.tar.gz