c8bc803189
This fixes a security problem: Security fix for RSA Padding check vulnerability Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 42526
14 lines
581 B
Diff
14 lines
581 B
Diff
--- a/src/internal.c
|
|
+++ b/src/internal.c
|
|
@@ -6037,6 +6037,10 @@ int ProcessReply(CYASSL* ssl)
|
|
b1 =
|
|
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
|
|
ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
|
|
+
|
|
+ /* does not appear to a be a SSLv2 client hello */
|
|
+ if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 )
|
|
+ return UNKNOWN_HANDSHAKE_TYPE;
|
|
}
|
|
else {
|
|
ssl->options.processReply = getRecordLayerHeader;
|