Hello,
I would like to suggest a patch to ssl/s3_clnt.c (version 1.146) to
remove two erroneous comma expressions in that file.
--- s3_clnt.c.orig 2010-02-28 08:24:24.000000000 +0800
+++ s3_clnt.c 2010-08-28 22:36:25.000000000 +0800
@@ -1833,7 +1833,7 @@
if (n < 6)
{
/* need at least ticket_lifetime_hint + ticket length */
- al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
goto f_err;
}
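Review bot: the commit message should say that the changed line in the n < 6 branch alters what is sent on the wire, not only the source text. The removed statement parses as (al = SSL3_AL_FATAL), SSL_AD_DECODE_ERROR; so al reached f_err holding the alert level constant and that value was used as the alert description. Stating this makes it clear that anything that logged or matched on the old description will now see SSL_AD_DECODE_ERROR instead.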
@@ -1844,7 +1844,7 @@
/* ticket_lifetime_hint + ticket_length + ticket */
if (ticklen + 6 != n)
{
- al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
goto f_err;
}
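Review bot: the identical comma mistake in the ticklen + 6 != n branch, a few lines after the first, suggests the line was copied, so the pattern may exist elsewhere. Please search the rest of ssl/ for assignments of the form "al = SSL3_AL_FATAL,SSL_AD_..." and fold any further hits into this patch, or note in the submission that these two are the only ones.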
Comma expressions are evaluated left-to-right, but the comma operator
takes lower precedence than assignments, and therefore the value on
the right of the comma (which is SSL_AD_DECODE_ERROR, the actual alert
code for SSL) is never used.
Also, a patch to ssl/s3_clnt.c (1.146)
--- s3_clnt.c.orig 2010-02-28 08:24:24.000000000 +0800
+++ s3_clnt.c 2010-08-28 22:58:59.000000000 +0800
@@ -950,7 +950,7 @@
/* wrong packet length */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
- goto err;
+ goto f_err;
}
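Review bot: the al=SSL_AD_DECODE_ERROR store above the changed goto was dead under goto err, so this is a behaviour change: a bad packet length now produces a fatal alert where none was sent before. The hunk does not show either label, so please confirm that everything err cleans up is still cleaned up when the function is entered through f_err, and mention the new alert in the commit message.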
Since alert code al has been set, the library should then goto f_err
to make the following function call to send the alert code:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
Hope this helps.
Cheers,
Tianjie Mao
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List
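A small model of the two defects described in the message above, added here as an example; it is not OpenSSL code. The constants, the send_alert stub and the variant names are assumptions made for the model, and the control flow only mirrors the f_err/err labels quoted in the patches.

```c
#include <stdio.h>

/* Constructed stand-ins for the OpenSSL names; values chosen for this model. */
#define AL_FATAL        2   /* plays the role of SSL3_AL_FATAL (an alert level) */
#define AD_DECODE_ERROR 50  /* plays the role of SSL_AD_DECODE_ERROR (a description) */

static int sent_desc;       /* description the peer would receive; -1 = no alert */

/* Hypothetical stub for ssl3_send_alert(s, level, desc): records the alert. */
static void send_alert(int level, int desc) { (void)level; sent_desc = desc; }

enum variant { COMMA_BUG, COMMA_FIXED, GOTO_ERR, GOTO_F_ERR };

/* Models one failed length check; returns the description sent, or -1 if none. */
int alert_sent_on_bad_length(enum variant v)
{
    int al = -1;
    sent_desc = -1;

    switch (v) {
    case COMMA_BUG:
        /* Parses as (al = AL_FATAL), AD_DECODE_ERROR; right operand is discarded. */
        al = AL_FATAL, AD_DECODE_ERROR;
        goto f_err;
    case COMMA_FIXED:
        al = AD_DECODE_ERROR;
        goto f_err;
    case GOTO_ERR:
        al = AD_DECODE_ERROR;   /* dead store: err skips the send below */
        goto err;
    case GOTO_F_ERR:
        al = AD_DECODE_ERROR;
        goto f_err;
    }
f_err:
    send_alert(AL_FATAL, al);
err:
    return sent_desc;
}

int main(void)
{
    static const char *name[] = { "comma bug", "comma fixed", "goto err", "goto f_err" };
    for (int v = COMMA_BUG; v <= GOTO_F_ERR; v++)
        printf("%-12s -> description %d\n", name[v],
               alert_sent_on_bad_length((enum variant)v));
    return 0;
}
```

Compiling the buggy line with GCC's -Wall reports the discarded right-hand operand (-Wunused-value), which is a cheap way to catch this pattern in a build.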