Submitted by: Bodo Moeller and Adam Langley (Google).

Fix for "Record of death" vulnerability CVE-2010-0740.
Dr. Stephen Henson
2010-03-24 13:16:42 +00:00
parent c3484e0268
commit 354f92d66a
2 changed files with 13 additions and 4 deletions

@@ -291,9 +291,9 @@ again:
if (version != s->version)
{
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
/* Send back error using their
* version number :-) */
s->version=version;
if ((s->version & 0xFF00) == (version & 0xFF00))
/* Send back error using their minor version number :-) */
s->version = (unsigned short)version;
al=SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
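
Review bot: The new guard `if ((s->version & 0xFF00) == (version & 0xFF00))` has no braces, and a comment line sits between the condition and the single statement it controls, `s->version = (unsigned short)version;`. A later edit could easily detach the assignment from the check, so I would wrap the body in braces. The comment says only that the peer's minor version is used for the alert. It should also say why `s->version` is left untouched when the major byte differs, since that is the case this fix exists for and the old unconditional `s->version=version;` handled it differently. The `(unsigned short)` cast deserves a word too: either note that `version` is already limited to 16 bits at this point, or drop the cast if it is not needed.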