generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and

Browse Source 
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
This commit is contained in:
Dr. Stephen Henson
2010-02-27 23:04:10 +00:00
parent fc11f47229
commit fbe2c6b33e
2 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/s3_srvr.c
View File

@@ -2286,7 +2286,7 @@ int ssl3_get_client_key_exchange(SSL *s)
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
{
/* The premaster secret must contain the same version number as the
* ClientHello to detect version rollback attacks (strangely, the
@@ -2296,8 +2296,7 @@ int ssl3_get_client_key_exchange(SSL *s)
* If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
* (Perhaps we should have a separate BUG value for the Kerberos cipher)
*/
if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_AD_DECODE_ERROR);