yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-22 05:40:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix version-major intolerance again

Browse source 
This time doing minimal changes to avoid introducing other issues.
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-10 14:12:14 +02:00
parent 9b4c5d9f21
commit aa695be983
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
library/ssl_srv.c
View file

@ -438,15 +438,20 @@ static int ssl_parse_client_hello( ssl_context *ssl )
buf[1], buf[2] ) ); buf[1], buf[2] ) );
/* /*
* SSLv3 Client Hello * SSLv3/TLS Client Hello
* *
* Record layer: * Record layer:
* 0 . 0 message type * 0 . 0 message type
* 1 . 2 protocol version * 1 . 2 protocol version
* 3 . 4 message length * 3 . 4 message length
*/ */
/* According to RFC 5246 Appendix E.1, the version here is typically
* "{03,00}, the lowest version number supported by the client, [or] the
* value of ClientHello.client_version", so the only meaningful check here
* is the major version shouldn't be less than 3 */
if( buf[0] != SSL_MSG_HANDSHAKE || if( buf[0] != SSL_MSG_HANDSHAKE ||
buf[1] != SSL_MAJOR_VERSION_3 ) buf[1] < SSL_MAJOR_VERSION_3 )
{ {
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
@ -503,7 +508,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
* Check the handshake type and protocol version * Check the handshake type and protocol version
*/ */
if( buf[0] != SSL_HS_CLIENT_HELLO || if( buf[0] != SSL_HS_CLIENT_HELLO ||
buf[4] != SSL_MAJOR_VERSION_3 ) buf[4] < SSL_MAJOR_VERSION_3 )
{ {
SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );