cyassl: add a patch to better check legacy SSLv2 client hello records

If junk data is received during SSL_accept(), cyassl will treat it as legacy SSLv2
record without performing further plausibility checks. Change the legacy code path
to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01 the
hello message type.

SVN-Revision: 33675
owl
Jo-Philipp Wich 2012-10-09 16:41:36 +00:00
parent ff1b163540
commit 6945d722e6
2 changed files with 15 additions and 2 deletions

View File

@ -1,5 +1,5 @@
# #
# Copyright (C) 2006-2010 OpenWrt.org # Copyright (C) 2006-2012 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=cyassl PKG_NAME:=cyassl
PKG_VERSION:=1.6.5 PKG_VERSION:=1.6.5
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
PKG_SOURCE_URL:=http://www.yassl.com/ PKG_SOURCE_URL:=http://www.yassl.com/

View File

@ -0,0 +1,13 @@
--- a/src/cyassl_int.c
+++ b/src/cyassl_int.c
@@ -1588,6 +1588,10 @@
b1 =
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
ssl->curSize = ((b0 & 0x7f) << 8) | b1;
+
+ /* does not appear to a be a SSLv2 client hello */
+ if ( ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] != 1 )
+ return UNKNOWN_HANDSHAKE_TYPE;
}
else {
ssl->options.processReply = getRecordLayerHeader;