diff options
Diffstat (limited to 'lib/handshake.c')
-rw-r--r-- | lib/handshake.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/handshake.c b/lib/handshake.c index d96d21cce6..955fd5dd08 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -1143,7 +1143,7 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel, i_datasize = _mbuffer_get_udata_size(bufel); datasize = i_datasize + _mbuffer_get_uhead_size(bufel); - data[pos++] = (uint8_t) type; + data[pos++] = (uint8_t) REAL_HSK_TYPE(type); _gnutls_write_uint24(_mbuffer_get_udata_size(bufel), &data[pos]); pos += 3; @@ -1389,7 +1389,7 @@ _gnutls_recv_handshake(gnutls_session_t session, goto cleanup; } - ret = handshake_hash_add_recvd(session, hsk.htype, + ret = handshake_hash_add_recvd(session, hsk.rtype, hsk.header, hsk.header_size, hsk.data.data, hsk.data.length); @@ -1658,7 +1658,7 @@ read_server_hello(gnutls_session_t session, int ret = 0; int len = datalen; unsigned ext_parse_flag = 0; - const version_entry_st *vers; + const version_entry_st *vers, *saved_vers; if (datalen < GNUTLS_RANDOM_SIZE+2) { gnutls_assert(); @@ -1672,6 +1672,8 @@ read_server_hello(gnutls_session_t session, major = data[pos]; minor = data[pos+1]; + saved_vers = get_version(session); /* will be non-null if HRR has been received */ + vers = nversion_to_entry(major, minor); if (unlikely(vers == NULL)) return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); @@ -1770,6 +1772,10 @@ read_server_hello(gnutls_session_t session, /* check if ciphersuite matches */ if (memcmp(cs_pos, session->internals.hrr_cs, 2) != 0) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + + /* check if HRR version matches this version */ + if (vers != saved_vers) + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); } if (*comp_pos != 0) |