TLS: Fix record layer protocol version validation

TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the protocol version in record later. As such, accept any {03,xx} value to remain compatible with existing implementations and new protocol versions.
2011-09-25 16:48:06 +03:00 · 2011-09-25 16:48:06 +03:00 · 61f1ed911d
parent 54b8f99454
commit 61f1ed911d
1 changed files with 8 additions and 3 deletions
--- a/src/tls/tlsv1_record.c
+++ b/src/tls/tlsv1_record.c
@ -1,6 +1,6 @@
 /*
 * TLSv1 Record Protocol
- * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@ -275,9 +275,14 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
 		return -1;
 	}

-	if (WPA_GET_BE16(in_data + 1) != TLS_VERSION) {
+	/*
+	 * TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
+	 * protocol version in record layer. As such, accept any {03,xx} value
+	 * to remain compatible with existing implementations.
+	 */
+	if (in_data[1] != 0x03) {
 		wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version "
-			   "%d.%d", in_data[1], in_data[2]);
+			   "%u.%u", in_data[1], in_data[2]);
 		*alert = TLS_ALERT_PROTOCOL_VERSION;
 		return -1;
 	}