Fix SSLv2-compatible ClientHello processing.

If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes. Reviewed-by: N Matt Caswell <matt@openssl.org>

Fix SSLv2-compatible ClientHello processing.
If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes. Reviewed-by: N Matt Caswell <matt@openssl.org>
9cc3e8f1 · Emilia Kasper · 2aa815c3 · 9cc3e8f1
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

ssl/s3_srvr.c ssl/s3_srvr.c +3 -1

未找到文件。
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1057,7 +1057,9 @@ int ssl3_get_client_hello(SSL *s)
        /* Load the client random */
        i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
        memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);
-        if (!PACKET_peek_copy_bytes(&pkt, s->s3->client_random, i)
+        if (!PACKET_peek_copy_bytes(&pkt,
+                                    s->s3->client_random + SSL3_RANDOM_SIZE - i,
+                                    i)
                || !PACKET_forward(&pkt, cl)
                || PACKET_remaining(&pkt) != 0) {
            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);