Hi OpenSSL developers.
I found a small bug in `ssl/s3_both.c`.
When the ssl3_get_message function, configured client side (!s->server),
receives SSL3_MT_HELLO_REQUEST (SSLv3 Hello Request), it falls into an
eternal loop.
The `do-while` loop between line 362 and line 388 has no condition to
escape from it when it receives the SSL3_MT_HELLO_REQUEST message
correctly.
SSL3_MT_HELLO_REQUEST is constructed of 4 NULL bytes. At line 384 it
recognizes SSL3_MT_HELLO_REQUEST and will ignore the message. But on the
next loop, s->init_num is already 4, so it doesn't read any more and
evaluates the same message. Finally, it never escapes from it.
I made a tiny patch for OpenSSL 0.9.5a and 0.9.6b.
----------------------------------------------------- BEGIN
--- s3_both.c.orig Fri Nov 16 05:34:07 2001
+++ s3_both.c Fri Nov 16 05:34:19 2001
@@ -383,7 +383,10 @@
* if their format is correct. Does not count for
* 'Finished' MAC. */
if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+ {
skip_message = 1;
+ s->init_num = 0; /* need CLEAR!! */
+ }
}
while (skip_message);
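Review bot: the comment on the added `s->init_num = 0;` line ("need CLEAR!!") does not say why the reset is needed, so a later reader cannot tell that removing it brings the hang back. Suggest wording it along the lines of "discard the buffered 4-byte HelloRequest header so the next iteration reads a fresh one", since the message explains that the read is skipped while init_num is already 4. It is also worth confirming that nothing after `while (skip_message);` relies on init_num still holding the header length on the skip path; on the path where skip_message stays 0 the value is untouched, so only the skipped case changes.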
----------------------------------------------------- END
--------
Kawabe,Yoshihiro <[EMAIL PROTECTED]> in Amnis Corp.
There's a Victory for ME! by L. I.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
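The loop behaviour described in the message above, as a stand-alone C model added here (it is not OpenSSL's code and not part of the original post). `model_conn`, `fill_header`, `next_message_type`, `run_model` and `MAX_SPINS` are hypothetical names, and the input bytes are constructed; the model only keeps the two facts the message relies on: the header is read only while fewer than 4 bytes are buffered, and a HelloRequest header sets `skip_message`.

```c
#include <stdio.h>
#define HDR_LEN 4            /* handshake header: 1 type byte + 3 length bytes */
#define MT_HELLO_REQUEST 0   /* value of SSL3_MT_HELLO_REQUEST */
#define MAX_SPINS 1000       /* model-only guard so the unpatched loop terminates */

struct model_conn {          /* hypothetical stand-in for the SSL state */
    const unsigned char *in; /* constructed input stream */
    size_t in_len, in_off;
    unsigned char hdr[HDR_LEN];
    int init_num;            /* header bytes already buffered */
};

/* Reads only while fewer than HDR_LEN bytes are buffered; 0 means end of input. */
static int fill_header(struct model_conn *c) {
    while (c->init_num < HDR_LEN) {
        if (c->in_off >= c->in_len) return 0;
        c->hdr[c->init_num++] = c->in[c->in_off++];
    }
    return 1;
}

/* Returns the first non-HelloRequest type, -1 at end of input, -2 if it spun. */
int next_message_type(struct model_conn *c, int reset_on_skip, int *iterations) {
    int skip_message;
    *iterations = 0;
    do {
        if (++*iterations > MAX_SPINS) return -2;
        if (!fill_header(c)) return -1;
        skip_message = 0;
        if (c->hdr[0] == MT_HELLO_REQUEST && !c->hdr[1] && !c->hdr[2] && !c->hdr[3]) {
            skip_message = 1;
            if (reset_on_skip) c->init_num = 0; /* the patch's reset */
        }
    } while (skip_message);
    return c->hdr[0];
}

/* Constructed sample: one HelloRequest header, then a header of type 2. */
int run_model(int reset_on_skip, int *iterations) {
    static const unsigned char wire[] = { 0, 0, 0, 0,  2, 0, 0, 70 };
    struct model_conn c = { wire, sizeof wire, 0, { 0 }, 0 };
    return next_message_type(&c, reset_on_skip, iterations);
}

int main(void) {
    int a, b, r0 = run_model(0, &a), r1 = run_model(1, &b);
    printf("unpatched: %d after %d iterations; patched: %d after %d\n", r0, a, r1, b);
    return 0;
}
```

Without the reset the model never consumes the second header and stops only at the `MAX_SPINS` guard; with it, the second iteration reads the next message.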