source: trunk/package/openssl/patches/400-cve-2010-0740.patch @ 20592

Last change on this file since 20592 was 20592, checked in by jow, 6 years ago

[package] openssl: add patch for CVE-2010-0740 ("Record of death") vulnerability

File size: 533 bytes
  • ssl/s3_pkt.c

    a b again: 
    291291                        if (version != s->version) 
    292292                                { 
    293293                                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 
    294                                 /* Send back error using their 
    295                                  * version number :-) */ 
    296                                 s->version=version; 
     294                                if ((s->version & 0xFF00) == (version & 0xFF00)) 
     295                                        /* Send back error using their minor version number :-) */ 
     296                                        s->version = (unsigned short)version; 
    297297                                al=SSL_AD_PROTOCOL_VERSION; 
    298298                                goto f_err; 
    299299                                } 
Note: See TracBrowser for help on using the repository browser.