From 192540b5222179809fd04457886c0e0e4efb882b Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 5 Jan 2012 00:23:17 +0000
Subject: [PATCH] Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
 Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
---
 ssl/t1_lib.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3430ea1a20..7150171c1d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -825,6 +825,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 			*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
 		else
 			*(ret++) = SSL_TLSEXT_HB_ENABLED;
+
 		}
 #endif
 
@@ -1282,6 +1283,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 							s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
 							s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
 							break;
+				default:	*al = SSL_AD_ILLEGAL_PARAMETER;
+							return 0;
 				}
 			}
 #endif
@@ -1553,6 +1556,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 							s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
 							s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
 							break;
+				default:	*al = SSL_AD_ILLEGAL_PARAMETER;
+							return 0;
 				}
 			}
 #endif
-- 
2.25.1