Hi,

It seems that I've found two small bugs in OpenSSL (at least 0.9.6c and the latest snapshot).

In ssl/s3_srvr.c, function ssl3_get_client_hello, after the last field (compression) has been parsed, there's a test:

    /* TLS does not mind if there is extra stuff */
    if (s->version == SSL3_VERSION)
        {
        if (p > (d+n))
            {
            /* wrong number of bytes,
             * there could be more to follow */
            al=SSL_AD_DECODE_ERROR;
            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
            goto f_err;
            }
        }

Here "d" points to the start of the message, "p" to the current location, and "n" is the length of the frame.

There are actually two bugs: First, the test should of course be "p < (d+n)". Second, if "p > (d+n)" then we have read past the end of the packet anyway, so it is an error no matter which protocol version we have.

It seems that the memory buffer allocated is always large enough, so this does not crash OpenSSL or anything like that, but it causes OpenSSL to accept invalid hello packets.

Best regards,
Pasi

-- 
Pasi Eronen                       E-mail [EMAIL PROTECTED]
Nixu Oy                           Tel    +358 50 5123499
Mäkelänkatu 91, 00610 Helsinki    Fax    +358 9 4781030
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
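To make the two observations in the report concrete, the following is an added example, not OpenSSL's code and not part of the message above. It walks a cut-down ClientHello body (client_version, random, session_id, cipher_suites, compression_methods, laid out as in SSL 3.0 / TLS 1.0) keeping d, n and p as in the report, then applies the end-of-message check once in the quoted form and once corrected. The walker, the result codes and the constructed test messages (including the claimed compression_methods length of 9 used to force p past d+n) are assumptions of this example, not the structure of ssl3_get_client_hello. Only the length prefixes are dereferenced, so the overrun is arithmetic and never reads outside the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSL3_VERSION 0x0300
#define TLS1_VERSION 0x0301

enum hello_result {
    HELLO_OK = 0,
    HELLO_SHORT,    /* a length prefix itself lies outside the message */
    HELLO_OVERRUN,  /* p ended past d+n: a payload length overran the message */
    HELLO_TRAILING  /* p ended before d+n: bytes left over after the last field */
};

/* Advance p (an offset from d) over the ClientHello fields. Only the length
 * prefixes are read, and only when in bounds; payloads are skipped
 * arithmetically, so a bogus length pushes p past n without an OOB read.
 * The final p/n comparison is left to the end check, as in the report. */
static int walk_client_hello(const uint8_t *d, size_t n, uint16_t *version, size_t *p_out)
{
    size_t p;
    if (n < 2 + 32 + 1)
        return -1;
    *version = (uint16_t)((d[0] << 8) | d[1]);
    p = 2 + 32;                                   /* client_version, random */
    p += 1 + d[p];                                /* session_id */
    if (p + 2 > n)
        return -1;
    p += 2 + (((size_t)d[p] << 8) | d[p + 1]);    /* cipher_suites */
    if (p + 1 > n)
        return -1;
    p += 1 + d[p];                                /* compression_methods */
    *p_out = p;
    return 0;
}

/* The check as quoted: SSL 3.0 only, and only "p > (d+n)". */
static enum hello_result check_end_buggy(uint16_t version, size_t p, size_t n)
{
    if (version == SSL3_VERSION && p > n)
        return HELLO_OVERRUN;
    return HELLO_OK;
}

/* Corrected: an overrun is an error for every version; leftover bytes are
 * an error for SSL 3.0 and tolerated for TLS. */
static enum hello_result check_end_fixed(uint16_t version, size_t p, size_t n)
{
    if (p > n)
        return HELLO_OVERRUN;
    if (version == SSL3_VERSION && p < n)
        return HELLO_TRAILING;
    return HELLO_OK;
}

enum hello_result parse_client_hello(const uint8_t *d, size_t n, int fixed)
{
    uint16_t version;
    size_t p;
    if (walk_client_hello(d, n, &version, &p) != 0)
        return HELLO_SHORT;
    return fixed ? check_end_fixed(version, p, n) : check_end_buggy(version, p, n);
}

/* Constructed ClientHello body: empty session_id, one cipher suite, one
 * compression method present but comp_count claimed, then `trailing` junk
 * bytes. Returns n; buf must hold at least 41 + trailing bytes. */
size_t build_hello(uint8_t *buf, uint16_t version, uint8_t comp_count, size_t trailing)
{
    size_t p = 0;
    buf[p++] = (uint8_t)(version >> 8);
    buf[p++] = (uint8_t)(version & 0xff);
    memset(buf + p, 0x11, 32);                    /* client random (constructed) */
    p += 32;
    buf[p++] = 0;                                 /* session_id length 0 */
    buf[p++] = 0; buf[p++] = 2;                   /* cipher_suites length 2 */
    buf[p++] = 0x00; buf[p++] = 0x0a;             /* one suite, 0x000a */
    buf[p++] = comp_count;                        /* claimed compression_methods length */
    buf[p++] = 0;                                 /* the one method present: null */
    memset(buf + p, 0xee, trailing);
    return p + trailing;
}

int main(void)
{
    static const char *name[] = { "ok", "short", "overrun", "trailing" };
    struct { const char *what; uint16_t ver; uint8_t comp; size_t extra; } cases[] = {
        { "SSL3, exact",            SSL3_VERSION, 1, 0 },
        { "SSL3, 3 trailing bytes", SSL3_VERSION, 1, 3 },   /* buggy check accepts */
        { "TLS1, 3 trailing bytes", TLS1_VERSION, 1, 3 },   /* both accept: TLS allows it */
        { "SSL3, comp len overrun", SSL3_VERSION, 9, 0 },
        { "TLS1, comp len overrun", TLS1_VERSION, 9, 0 },   /* buggy check accepts */
    };
    uint8_t buf[128];
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t n = build_hello(buf, cases[i].ver, cases[i].comp, cases[i].extra);
        printf("%-24s buggy=%-8s fixed=%s\n", cases[i].what,
               name[parse_client_hello(buf, n, 0)], name[parse_client_hello(buf, n, 1)]);
    }
    return 0;
}
```

The two rows marked "buggy check accepts" are the two bugs from the report: an SSL 3.0 hello with extra bytes passes because the comparison points the wrong way, and a TLS hello whose compression_methods length overran the message passes because the overrun test is skipped for anything but SSL 3.0.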
It seems that I've found two small bugs in OpenSSL (at least 0.9.6c and the latest snapshot). In ssl/s3_srvr.c function ssl3_get_client_hello, after the last field (compression) has been parsed, there's a test: /* TLS does not mind if there is extra stuff */ if (s->version == SSL3_VERSION) { if (p > (d+n)) { /* wrong number of bytes, * there could be more to follow */ al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); goto f_err; } } Here "d" points to the start of the message, "p" to the current location, and "n" is the length of the frame. There are actually two bugs: First, the test should of course be "p < (d+n)". Second, if "p > (d+n)" then we have read past the end of the packet anyway so it is an error no matter which protocol version we have. It seems that the memory buffer allocated is always large enough, so this does not crash OpenSSL or anything like that, but it causes OpenSSL to accept invalid hello packets. Best regards, Pasi -- Pasi Eronen E-mail [EMAIL PROTECTED] Nixu Oy Tel +358 50 5123499 Mäkelänkatu 91, 00610 Helsinki Fax +358 9 4781030 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]