Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Localize client hello extension parsing in t1_lib.c

1 files changed, 19 insertions, 2 deletions

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 73924392f9..b75b028b41 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1175,8 +1175,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	return ret;
 	}
 
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-	{
+static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 
+	{	
 	unsigned short type;
 	unsigned short size;
 	unsigned short len;
@@ -1669,6 +1669,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 	return 1;
 	}
 
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n) 
+	{
+	int al = -1;
+	if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) 
+		{
+		ssl3_send_alert(s,SSL3_AL_FATAL,al); 
+		return 0;
+		}
+
+	if (ssl_check_clienthello_tlsext(s) <= 0) 
+		{
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+		return 0;
+		}
+	return 1;
+}
+
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
  * elements of zero length are allowed and the set of elements must exactly fill