The branch master has been updated
via 124f6ff4c248842f52fa45b21efe58159413e8f7 (commit)
from f0ff328e360f56d8a79cbb61b2931a13fb7199c2 (commit)
- Log -----------------------------------------------------------------
commit 124f6ff4c248842f52fa45b21efe58159413e8f7
Author: Rainer Jung <[email protected]>
Date: Sat Feb 13 08:03:23 2016 -0500
RT4304: Look for plaintext HTTP
Reviewed-by: Richard Levitte <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
ssl/record/ssl3_record.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 60e8042..919202a 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -274,6 +274,21 @@ int ssl3_get_record(SSL *s)
}
if ((version >> 8) != SSL3_VERSION_MAJOR) {
+ if (s->first_packet) {
+ /* Go back to start of packet, look at the five bytes
+ * that we have. */
+ p = RECORD_LAYER_get_packet(&s->rlayer);
+ if (strncmp((char *)p, "GET ", 4) == 0 ||
+ strncmp((char *)p, "POST ", 5) == 0 ||
+ strncmp((char *)p, "HEAD ", 5) == 0 ||
+ strncmp((char *)p, "PUT ", 4) == 0) {
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_HTTP_REQUEST);
+ goto err;
+ } else if (strncmp((char *)p, "CONNE", 5) == 0) {
+ SSLerr(SSL_F_SSL3_GET_RECORD,
SSL_R_HTTPS_PROXY_REQUEST);
+ goto err;
+ }
+ }
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
goto err;
}
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
