1 |
slords |
1.1 |
--- matrixssl/src/sslDecode.c.orig 2007-08-17 14:12:23.000000000 -0400 |
2 |
|
|
+++ matrixssl/src/sslDecode.c 2007-08-17 15:56:46.000000000 -0400 |
3 |
|
|
@@ -619,6 +619,8 @@ |
4 |
|
|
First two bytes are the highest supported major and minor SSL versions |
5 |
|
|
We support only 3.0 (support 3.1 in commercial version) |
6 |
|
|
*/ |
7 |
|
|
+ matrixStrDebugMsg("c is %u\n", c); |
8 |
|
|
+ matrixStrDebugMsg("end is %u\n", end); |
9 |
|
|
if (end - c < 2) { |
10 |
|
|
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; |
11 |
|
|
matrixStrDebugMsg("Invalid ssl header version length\n", NULL); |
12 |
|
|
@@ -626,6 +628,7 @@ |
13 |
|
|
} |
14 |
|
|
ssl->reqMajVer = *c; c++; |
15 |
|
|
ssl->reqMinVer = *c; c++; |
16 |
|
|
+ matrixStrDebugMsg("after version number c is %u\n", c); |
17 |
|
|
if (ssl->reqMajVer >= SSL3_MAJ_VER) { |
18 |
|
|
ssl->majVer = ssl->reqMajVer; |
19 |
|
|
ssl->minVer = SSL3_MIN_VER; |
20 |
|
|
@@ -651,7 +654,9 @@ |
21 |
|
|
} |
22 |
|
|
memcpy(ssl->sec.clientRandom, c, SSL_HS_RANDOM_SIZE); |
23 |
|
|
c += SSL_HS_RANDOM_SIZE; |
24 |
|
|
+ matrixStrDebugMsg("after random block c is %u\n", c); |
25 |
|
|
ssl->sessionIdLen = *c; c++; |
26 |
|
|
+ matrixStrDebugMsg("before session id c is %u\n", c); |
27 |
|
|
/* |
28 |
|
|
If a session length was specified, the client is asking to |
29 |
|
|
resume a previously established session to speed up the handshake. |
30 |
|
|
@@ -685,6 +690,7 @@ |
31 |
|
|
*/ |
32 |
|
|
ssl->flags &= ~SSL_FLAGS_RESUMED; |
33 |
|
|
} |
34 |
|
|
+ matrixStrDebugMsg("after session id c is %u\n", c); |
35 |
|
|
/* |
36 |
|
|
Next is the two byte cipher suite list length, network byte order. |
37 |
|
|
It must not be zero, and must be a multiple of two. |
38 |
|
|
@@ -696,6 +702,7 @@ |
39 |
|
|
} |
40 |
|
|
suiteLen = *c << 8; c++; |
41 |
|
|
suiteLen += *c; c++; |
42 |
|
|
+ matrixStrDebugMsg("before cipher list c is %u\n", c); |
43 |
|
|
if (suiteLen == 0 || suiteLen & 1) { |
44 |
|
|
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; |
45 |
|
|
matrixIntDebugMsg("Unable to parse cipher suite list: %d\n", |
46 |
|
|
@@ -732,6 +739,7 @@ |
47 |
|
|
} |
48 |
|
|
} |
49 |
|
|
} |
50 |
|
|
+ matrixStrDebugMsg("after cipher suites c is %u\n", c); |
51 |
|
|
/* |
52 |
|
|
If we fell to the default cipher suite, we didn't have |
53 |
|
|
any in common with the client, or the client is being bad |
54 |
|
|
@@ -750,6 +758,7 @@ |
55 |
|
|
and value 0 (second byte). There are no compression schemes defined |
56 |
|
|
for SSLv3 |
57 |
|
|
*/ |
58 |
|
|
+ matrixStrDebugMsg("before compression header length c is %u\n", c); |
59 |
|
|
if (end - c < 1) { |
60 |
|
|
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; |
61 |
|
|
matrixStrDebugMsg("Invalid compression header length\n", NULL); |
62 |
|
|
@@ -762,6 +771,7 @@ |
63 |
|
|
return SSL_ERROR; |
64 |
|
|
} |
65 |
|
|
c += extLen; |
66 |
|
|
+ matrixStrDebugMsg("after comps c is %u\n", c); |
67 |
|
|
|
68 |
|
|
if (ssl->reqMinVer == SSL3_MIN_VER && extLen != 1) { |
69 |
|
|
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; |
70 |
|
|
@@ -773,14 +783,17 @@ |
71 |
|
|
to parse here: Two byte length and extension info. |
72 |
|
|
http://www.faqs.org/rfcs/rfc3546.html |
73 |
|
|
*/ |
74 |
|
|
- if (ssl->reqMinVer >= TLS_MIN_VER && c != end) { |
75 |
|
|
+ /*if (ssl->reqMinVer >= TLS_MIN_VER && c != end) {*/ |
76 |
|
|
+ if (c != end) { |
77 |
|
|
if (end - c < 2) { |
78 |
|
|
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; |
79 |
|
|
matrixStrDebugMsg("Invalid extension header len\n", NULL); |
80 |
|
|
return SSL_ERROR; |
81 |
|
|
} |
82 |
|
|
+ matrixStrDebugMsg("before extLen c is %u\n", c); |
83 |
|
|
extLen = *c << 8; c++; |
84 |
|
|
extLen += *c; c++; |
85 |
|
|
+ matrixStrDebugMsg("before extensions c is %u\n", c); |
86 |
|
|
if (end - c < extLen) { |
87 |
|
|
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; |
88 |
|
|
matrixStrDebugMsg("Invalid extension header len\n", NULL); |
89 |
|
|
@@ -793,6 +806,7 @@ |
90 |
|
|
just skip over all extensions, ignoring them. |
91 |
|
|
*/ |
92 |
|
|
c += extLen; |
93 |
|
|
+ matrixStrDebugMsg("after extensions c is %u\n", c); |
94 |
|
|
} |
95 |
|
|
} else { |
96 |
|
|
/* |
97 |
|
|
@@ -885,6 +899,8 @@ |
98 |
|
|
if (c != end) { |
99 |
|
|
ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; |
100 |
|
|
matrixStrDebugMsg("Invalid final client hello length\n", NULL); |
101 |
|
|
+ matrixStrDebugMsg("parsed to %u\n", c); |
102 |
|
|
+ matrixStrDebugMsg("end at %u\n", end); |
103 |
|
|
return SSL_ERROR; |
104 |
|
|
} |
105 |
|
|
|