bugfix: handle HelloRequest received during handshake correctly

diff --git a/CHANGES b/CHANGES
index 3909697e954c26f007f560db1356cac0a6d563d8..8ae782e1f6b0fcee9e41fa637f0a802c87cd4512 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.6b and 0.9.6c  [XX xxx XXXX]
 
+  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+     client receives HelloRequest while in a handshake.
+     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
+
   *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
      should end in 'break', not 'goto end' which circuments various
      cleanups done in state SSL_ST_OK.   But session related stuff

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 10d8d3b15afc213b8f03a72b3bc46d63b36a1336..f1f9c6ce7a30254efa8508fc556e4a42bf07f59b 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -383,7 +383,11 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                                         * if their format is correct. Does not count for
                                         * 'Finished' MAC. */
                                        if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+                                               {
+                                               s->init_num = 0;
                                                skip_message = 1;
+                                               }
+                       
                        }
                while (skip_message);