mirror of https://github.com/hak5/openwrt-owl.git
cyassl: add a patch to better check legacy SSLv2 client hello records
If junk data is received during SSL_accept(), cyassl will treat it as legacy SSLv2 record without performing further plausibility checks. Change the legacy code path to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01 the hello message type. SVN-Revision: 33675owl
parent
ff1b163540
commit
6945d722e6
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Copyright (C) 2006-2010 OpenWrt.org
|
||||
# Copyright (C) 2006-2012 OpenWrt.org
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=cyassl
|
||||
PKG_VERSION:=1.6.5
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
|
||||
PKG_SOURCE_URL:=http://www.yassl.com/
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
--- a/src/cyassl_int.c
|
||||
+++ b/src/cyassl_int.c
|
||||
@@ -1588,6 +1588,10 @@
|
||||
b1 =
|
||||
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
|
||||
ssl->curSize = ((b0 & 0x7f) << 8) | b1;
|
||||
+
|
||||
+ /* does not appear to a be a SSLv2 client hello */
|
||||
+ if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 )
|
||||
+ return UNKNOWN_HANDSHAKE_TYPE;
|
||||
}
|
||||
else {
|
||||
ssl->options.processReply = getRecordLayerHeader;
|
Loading…
Reference in New Issue