
Commit 4a2c349

committed
crypto: fix version check in hello parser
This is a follow-up to 89cb740
1 parent 89cb740 commit 4a2c349

1 file changed

Lines changed: 12 additions & 5 deletions


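--- a/src/node_crypto_clienthello.cc
+++ b/src/node_crypto_clienthello.cc
@@ -85,6 +85,12 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
 return true;
 }
 
+#ifdef OPENSSL_NO_SSL2
+# define NODE_SSL2_VER_CHECK(buf) false
+#else
+# define NODE_SSL2_VER_CHECK(buf) ((buf)[0] == 0x00 && (buf)[1] == 0x02)
+#endif // OPENSSL_NO_SSL2
+
 
 void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
 ClientHello hello;
@@ -95,12 +101,10 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
 
 // Skip unsupported frames and gather some data from frame
 // Check hello protocol version
-if (!(data[body_offset_ + 4] == 0x03 && data[body_offset_ + 5] <= 0x03))
+if (!(data[body_offset_ + 4] == 0x03 && data[body_offset_ + 5] <= 0x03) &&
+!NODE_SSL2_VER_CHECK(data + body_offset_ + 4)) {
 goto fail;
-#ifndef OPENSSL_NO_SSL2
-if (!(data[body_offset_ + 4] == 0x00 && data[body_offset_ + 5] == 0x02))
-goto fail;
-#endif
+}
 
 if (data[body_offset_] == kClientHello) {
 if (state_ == kTLSHeader) {
@@ -141,6 +145,9 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
 }
 
 
+#undef NODE_SSL2_VER_CHECK
+
+
 void ClientHelloParser::ParseExtension(ClientHelloParser::ExtensionType type,
 const uint8_t* data,
 size_t len) {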
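Review bot: The combined condition at new lines 104-105 accepts the SSL2 tuple (0x00, 0x02) for any record, because `NODE_SSL2_VER_CHECK` is applied without consulting `state_`, even though the branch just below does distinguish `state_ == kTLSHeader`. Tying the legacy check to the framing would stop a TLS-framed record carrying 0x0002 from passing this gate, for example by making the second operand `!(state_ != kTLSHeader && NODE_SSL2_VER_CHECK(data + body_offset_ + 4))`. Parts of ParseHeader lie between the hunks, so two things cannot be confirmed from here and should be checked: that SSL2 framing really carries its version at `body_offset_ + 4`, and that `avail` is validated before the reads at offsets +4 and +5. The macro would also benefit from a comment such as `// Matches the SSL2 version tuple (0,2); expands to false when OpenSSL is built with OPENSSL_NO_SSL2.`, and the accepted range on the TLS side (major 0x03, minor up to 0x03) deserves a line next to "Check hello protocol version".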
