TLS: Fix record layer protocol version validation
TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the protocol version in the record layer. As such, accept any {03,xx} value to remain compatible with existing implementations and new protocol versions.
This commit is contained in:
parent
54b8f99454
commit
61f1ed911d
1 changed files with 8 additions and 3 deletions
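--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -1,6 +1,6 @@
 /*
 * TLSv1 Record Protocol
-* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+* Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -275,9 +275,14 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
 return -1;
 }
 
-if (WPA_GET_BE16(in_data + 1) != TLS_VERSION) {
+/*
+* TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
+* protocol version in record layer. As such, accept any {03,xx} value
+* to remain compatible with existing implementations.
+*/
+if (in_data[1] != 0x03) {
 wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version "
-"%d.%d", in_data[1], in_data[2]);
+"%u.%u", in_data[1], in_data[2]);
 *alert = TLS_ALERT_PROTOCOL_VERSION;
 return -1;
 }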
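Review bot: The loosened check at `if (in_data[1] != 0x03) {` inspects only the major byte, so a record's minor version is no longer compared with anything, and the new comment neither says that this is deliberate nor where the negotiated version is still enforced; it also drops the "and new protocol versions" rationale given in the commit message. I would extend the comment's last line to `* to remain compatible with existing implementations and new protocol versions. The minor version is intentionally not cross-checked here; the negotiated version is presumably enforced by the handshake code.` A smaller point: `"%u.%u", in_data[1], in_data[2]` passes what look like u8 values, which promote to int, so `%u` is a mild format/type mismatch, harmless in practice since the values are 0–255. tlsv1_record_receive begins before this hunk, so any length check that guarantees in_data[2] is readable lies outside the visible lines.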
|
|