diff options
author | David Benjamin <davidben@google.com> | 2016-03-05 13:14:11 -0500 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-05-11 13:43:41 +0100 |
commit | cb21df32296a57150341aaa24131dfc668122df8 (patch) | |
tree | 361f9ecaf056ac5ab9310ee22300ad85c5c36cf4 /ssl | |
parent | c1176ebf298ffa0bad0d368bd81aacbb30572a95 (diff) | |
download | openssl-cb21df32296a57150341aaa24131dfc668122df8.tar.gz |
Fix V2ClientHello handling.
The V2ClientHello code creates an empty compression list, but the
compression list must explicitly contain the null compression (and later
code enforces this).
RT#4387
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_srvr.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 27f12873f3..a6841c3b4b 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -971,6 +971,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) /* |cookie| will only be initialized for DTLS. */ PACKET session_id, cipher_suites, compression, extensions, cookie; int is_v2_record; + static unsigned char null_compression = 0; is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer); @@ -1096,19 +1097,20 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto f_err; } - /* Load the client random */ + /* Load the client random and compression list. */ challenge_len = challenge_len > SSL3_RANDOM_SIZE ? SSL3_RANDOM_SIZE : challenge_len; memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE); if (!PACKET_copy_bytes(&challenge, s->s3->client_random + SSL3_RANDOM_SIZE - - challenge_len, challenge_len)) { + challenge_len, challenge_len) + /* Advertise only null compression. */ + || !PACKET_buf_init(&compression, &null_compression, 1)) { SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; } - PACKET_null_init(&compression); PACKET_null_init(&extensions); } else { /* Regular ClientHello. */ |