blob: 6cd57b47bae9d4ae5d33e2bd583cb8cf77a81bf5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
From 6ce9687b5aba5391fc0de50e18779eb676d0e04d Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Tue, 21 Oct 2014 20:45:15 +0200
Subject: [PATCH] Keep old method in case of an unsupported protocol
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL. We didn't used to do that, and it breaks things. This is a
regression introduced in 62f45cc27d07187b59551e4fad3db4e52ea73f2c. Keep the old
method since the code is not able to deal with a NULL method at this time.
CVE-2014-3569, PR#3571
Upstream-Status: Backport
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 392fa7a952e97d82eac6958c81ed1e256e6b8ca5)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
ssl/s23_srvr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 93ca7d5..de909b1 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -602,12 +602,14 @@ int ssl23_get_client_hello(SSL *s)
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
- s->method = ssl23_get_server_method(s->version);
- if (s->method == NULL)
+ const SSL_METHOD *new_method;
+ new_method = ssl23_get_server_method(s->version);
+ if (new_method == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
+ s->method = new_method;
if (!ssl_init_wbio_buffer(s,1)) goto err;
--
1.9.1
|
