diff options
author | steve <steve> | 2010-02-27 23:01:45 +0000 |
---|---|---|
committer | steve <steve> | 2010-02-27 23:01:45 +0000 |
commit | 508deb56a3539c62c8547f4e87af4e503a62cfe2 (patch) | |
tree | e19a835ef09c8e5d4a0dbceb0116f74d780d5da5 /ssl/s3_srvr.c | |
parent | dad1a9a75883eef76c6076a9d0bae3cc4c532792 (diff) | |
download | openssl-508deb56a3539c62c8547f4e87af4e503a62cfe2.tar.gz |
Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 297f79fc1..92f73b668 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2286,7 +2286,7 @@ int ssl3_get_client_key_exchange(SSL *s) SSL_R_DATA_LENGTH_TOO_LONG); goto err; } - if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) + if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff)))) { /* The premaster secret must contain the same version number as the * ClientHello to detect version rollback attacks (strangely, the @@ -2296,8 +2296,7 @@ int ssl3_get_client_key_exchange(SSL *s) * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. * (Perhaps we should have a separate BUG value for the Kerberos cipher) */ - if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && - (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) + if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR); |