-rw-r--r-- | CHANGES | 2 | ||||
-rw-r--r-- | ssl/s2_clnt.c | 21 | ||||
-rw-r--r-- | ssl/s2_srvr.c | 11 |
3 files changed, 24 insertions, 10 deletions
@@ -115,7 +115,7 @@ *) Change ssl/s2_clnt.c and ssl/s3_srvr.c so that received handshake messages are stored in a single piece (fixed-length part and - variable-length part) and fix various bugs found on the way. + variable-length part combined) and fix various bugs found on the way. [Bodo Moeller] *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 3a990e42cc..868a975dc9 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -873,8 +873,8 @@ static int get_server_verify(SSL *s) p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) { - i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); - if (i < (3-s->init_num)) + i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); + if (i < (1-s->init_num)) return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); s->init_num += i; @@ -888,8 +888,12 @@ static int get_server_verify(SSL *s) SSL_R_READ_WRONG_PACKET_TYPE); } else - SSLerr(SSL_F_GET_SERVER_VERIFY, - SSL_R_PEER_ERROR); + { + SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR); + /* try to read the error message */ + i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); + return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); + } return(-1); } } @@ -923,8 +927,8 @@ static int get_server_finished(SSL *s) p=buf; if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) { - i=ssl2_read(s,(char *)&(buf[s->init_num]),3-s->init_num); - if (i < (3-s->init_num)) + i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num); + if (i < (1-s->init_num)) return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); s->init_num += i; 
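Review bot: The new read length `1-s->init_num` in the `@@ -873` hunk of get_server_verify is passed to ssl2_read() with no lower bound. The error branch added further down reads up to `3-s->init_num` more bytes, and if ssl2_part_read() advances `s->init_num` on a short read (its body is not shown on this page), a retry that re-enters in state `SSL2_ST_GET_SERVER_VERIFY_A` would compute a zero or negative length for a write at `p[s->init_num]`. Making the type-byte read and its short-read check conditional on `s->init_num < 1` would let a retry continue with the error-message read instead. The same pattern appears in the `@@ -927` hunk (get_server_finished) and in the `@@ -801` hunk of ssl/s2_srvr.c (get_client_finished); all three function bodies continue outside their hunks.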
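Review bot: The `else` branch added in the `@@ -888` hunk of get_server_verify now returns whatever ssl2_part_read() yields, where the old code always reached `return(-1);` after queuing `SSL_R_PEER_ERROR`. ssl2_part_read() is not part of this diff, so it is worth confirming that it cannot return a positive value once the three bytes have arrived; a handshake in which the peer sent SSL2_MT_ERROR should never be able to continue. Once confirmed, a comment on the new return would record the contract, for example `/* ssl2_part_read() returns <= 0 here, so the handshake stops */`. The same branch is added to get_server_finished and to get_client_finished in ssl/s2_srvr.c.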
@@ -941,7 +945,12 @@ static int get_server_finished(SSL *s) SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); } else + { SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR); + /* try to read the error message */ + i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); + return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); + } return(-1); } s->state=SSL2_ST_GET_SERVER_FINISHED_B; diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index ea07852d1a..58ee38963a 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -801,10 +801,10 @@ static int get_client_finished(SSL *s) p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) { - i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); - if (i < 3-s->init_num) + i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); + if (i < 1-s->init_num) return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); - s->init_num = 3; + s->init_num += i; if (*p != SSL2_MT_CLIENT_FINISHED) { @@ -814,7 +814,12 @@ static int get_client_finished(SSL *s) SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); } else + { SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR); + /* try to read the error message */ + i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); + return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); + } return(-1); } s->state=SSL2_ST_GET_CLIENT_FINISHED_B; |
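Review bot: The error branch added to get_server_finished in the `@@ -941` hunk passes `SSL_F_GET_SERVER_VERIFY` to ssl2_part_read(), although the other calls visible in this function use `SSL_F_GET_SERVER_FINISHED`; it looks copied from get_server_verify. Any error that ssl2_part_read() queues from here would presumably be attributed to the wrong function, which misleads whoever reads the error stack when triaging a failed handshake. The line should read `return ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i);`. The `@@ -814` hunk in ssl/s2_srvr.c has the same slip in get_client_finished and needs `SSL_F_GET_CLIENT_FINISHED`.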