TLS: Fix record layer protocol version validation

TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
protocol version in the record layer. As such, accept any {03,xx} value
to remain compatible with existing implementations and new protocol
versions.
Jouni Malinen 2011-09-25 16:48:06 +03:00
parent 54b8f99454
commit 61f1ed911d


@ -1,6 +1,6 @@
/* /*
* TLSv1 Record Protocol * TLSv1 Record Protocol
* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi> * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -275,9 +275,14 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
return -1; return -1;
} }
if (WPA_GET_BE16(in_data + 1) != TLS_VERSION) { /*
* TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
* protocol version in record layer. As such, accept any {03,xx} value
* to remain compatible with existing implementations.
*/
if (in_data[1] != 0x03) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version " wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version "
"%d.%d", in_data[1], in_data[2]); "%u.%u", in_data[1], in_data[2]);
*alert = TLS_ALERT_PROTOCOL_VERSION; *alert = TLS_ALERT_PROTOCOL_VERSION;
return -1; return -1;
} }
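Review bot: The relaxed check `if (in_data[1] != 0x03)` now leaves the record-layer minor version (in_data[2]) completely unvalidated, so nothing in this hunk should be read as establishing the negotiated protocol version; the comment would be clearer if it said so, e.g. `* Only the major version is checked here; the version actually negotiated is (presumably) enforced on the handshake messages, so in_data[2] must not be treated as authoritative.` — hedged because the handshake-layer check is outside this hunk. The read of in_data[1] and in_data[2] relies on an earlier length check that the hunk only shows the tail of (`return -1; }`), so confirm that the record header length is verified before this point. On style, if in_data is `const u8 *` as the WPA_GET_BE16 use suggests, the values promote to `int`, which the previous `"%d.%d"` matched exactly; `"%u.%u"` prints the same for 0–255 but is the less precise specifier. tlsv1_record_receive begins and ends outside the hunk.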