X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_pkt.c;h=379890237e8663b72a68f38a6e472a1d019e4312;hb=32957936b54c5c07b8e7d6eeeca54705ffe93ace;hp=221ae039e99eaeb5442103268ac9e6137dba40e4;hpb=77c77f0a1b9f15b869ca3342186dfbedd1119d0e;p=oweals%2Fopenssl.git diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 221ae039e9..379890237e 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -361,11 +361,22 @@ static int ssl3_get_record(SSL *s) if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) - && !s->enc_write_ctx && !s->write_hash) + && !s->enc_write_ctx && !s->write_hash) { + if (rr->type == SSL3_RT_ALERT) { + /* + * The record is using an incorrect version number, but + * what we've got appears to be an alert. We haven't + * read the body yet to check whether its a fatal or + * not - but chances are it is. We probably shouldn't + * send a fatal alert back. We'll just end. + */ + goto err; + } /* * Send back error using their minor version number :-) */ s->version = (unsigned short)version; + } al = SSL_AD_PROTOCOL_VERSION; goto f_err; } @@ -708,7 +719,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) packlen *= 4; wb->buf = OPENSSL_malloc(packlen); - if(!wb->buf) { + if (!wb->buf) { SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE); return -1; } @@ -1104,7 +1115,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, s->rwstate = SSL_NOTHING; return (s->s3->wpend_ret); } else if (i <= 0) { - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { /* * For DTLS, just drop it. That's kind of the whole point in * using a datagram service
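Review bot: In the ssl3_get_record hunk, the new `if (rr->type == SSL3_RT_ALERT) goto err;` sits inside the branch guarded by `(s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash`. An alert-typed record with a different major version, or one arriving once a write cipher or hash is set, therefore still reaches `al = SSL_AD_PROTOCOL_VERSION; goto f_err;` and is answered with a fatal alert. If the reasoning in the added comment is meant for any wrong-version alert, move the check above the inner `if`; if the narrower scope is deliberate, document it, e.g. `/* Only suppressed before encryption is enabled and when the major version matches. */`. As the added comment notes, the body has not been read yet, so `rr->type` appears to come from the unauthenticated record header. That makes the choice between the two exits peer-controlled, so it is worth confirming that `err` tears the connection down as firmly as `f_err` does. Both labels and the rest of the function body lie outside the hunk.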