[openssl.org #851] A bug in the bugfix for CAN-2004-0079

[David Holmes via RT]

Here is my guess at the correct fix as applied to 0.9.7d/ssl/s3_pkt.c

Can you confirm?  Also, if you publish this bug I would love a credit in
the change log.


% diff -u ssl/s3_pkt.c ssl/s3_pkt_good.c 
--- ssl/s3_pkt.c        Wed Mar 17 03:40:44 2004
+++ ssl/s3_pkt_good.c   Thu Mar 18 15:24:47 2004
@@ -1074,17 +1074,17 @@
                if (    (rr->length != 1) || (rr->off != 0) ||
                        (rr->data[0] != SSL3_MT_CCS))
                        {
-                       i=SSL_AD_ILLEGAL_PARAMETER;
+                       al=SSL_AD_ILLEGAL_PARAMETER;
 
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-                       goto err;
+                       goto f_err;
                        }
 
                /* Check we have a cipher to change to */
                if (s->s3->tmp.new_cipher == NULL)
                        {
-                       i=SSL_AD_UNEXPECTED_MESSAGE;
+                       al=SSL_AD_UNEXPECTED_MESSAGE;
 
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
-                       goto err;
+                       goto f_err;
                        }
 
                rr->length=0;


David Holmes
F5 Networks
[EMAIL PROTECTED]

F5 is the leader in Internet Traffic Management. 
CONTROL YOUR WORLD

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]