Skip to content

Commit

Permalink
Keep old method in case of an unsupported protocol
Browse files Browse the repository at this point in the history
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL.  We didn't used to do that, and it breaks things.  This is a
regression introduced in 62f45cc.  Keep the old
method since the code is not able to deal with a NULL method at this time.

CVE-2014-3569, PR#3571

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 392fa7a)
  • Loading branch information
kroeckx committed Oct 21, 2014
1 parent 20e6105 commit 6ce9687
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions ssl/s23_srvr.c
Original file line number Diff line number Diff line change
Expand Up @@ -602,12 +602,14 @@ int ssl23_get_client_hello(SSL *s)
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
s->method = ssl23_get_server_method(s->version);
if (s->method == NULL)
const SSL_METHOD *new_method;
new_method = ssl23_get_server_method(s->version);
if (new_method == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
s->method = new_method;

if (!ssl_init_wbio_buffer(s,1)) goto err;

Expand Down

0 comments on commit 6ce9687

Please sign in to comment.