From 166dea6ac8495719983ab241170793584e3ece8c Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 5 Jan 2012 00:23:31 +0000
Subject: [PATCH] Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
 Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
---
 ssl/t1_lib.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4734c37e0a..1a46d891c0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -825,6 +825,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 			*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
 		else
 			*(ret++) = SSL_TLSEXT_HB_ENABLED;
+
 		}
 #endif
 
@@ -1282,6 +1283,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 							s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
 							s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
 							break;
+				default:	*al = SSL_AD_ILLEGAL_PARAMETER;
+							return 0;
 				}
 			}
 #endif
@@ -1553,6 +1556,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 							s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
 							s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
 							break;
+				default:	*al = SSL_AD_ILLEGAL_PARAMETER;
+							return 0;
 				}
 			}
 #endif
-- 
2.25.1