diff options
| author | Jasper Lievisse Adriaanse <jasper@cvs.openbsd.org> | 2010-04-14 12:41:06 +0000 |
|---|---|---|
| committer | Jasper Lievisse Adriaanse <jasper@cvs.openbsd.org> | 2010-04-14 12:41:06 +0000 |
| commit | b5fa87681d233b4f8e415e37853700b8dff45d19 (patch) | |
| tree | a800e4fad010033782dcfc604e6a1dbded1952c6 /lib | |
| parent | d44d039f1a4022c1a5b57ee5f3fcdfa14a364e59 (diff) | |
Security fix for CVE-2010-0740
"In TLS connections, certain incorrectly formatted records can cause an OpenSSL
client or server to crash due to a read attempt at NULL."
http://openssl.org/news/secadv_20100324.txt
ok deraadt@ djm@ sthen@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/src/ssl/s3_pkt.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index b98b84044fd..515739c08c2 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -282,9 +282,10 @@ again: if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - /* Send back error using their - * version number :-) */ - s->version=version; + if ((s->version & 0xFF00) == (version & 0xFF00)) + /* Send back error using their + * minor version number :-) */ + s->version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION; goto f_err; } |