But I know SSLv23_method has bugs at this version 0.9.5a. I really hope that
0.9.6 can solve all problems I have found so far.

> Have you tried using the SSLv23_method() instead of the SSLv3_method()?

> The problem is that if I use SSLv3_method to connect to a client that
> supports SSLv2 ONLY. Then the function ssl3_get_record always returns
> "WRONG VERSION NUMBER". Should I try to connect again with SSLv2_method??
>
> On Sat, Sep 09, 2000 at 09:19:34AM +0800, Fung wrote:
>
> > If you look at the source code, you will see the following
> > static int ssl3_get_record(SSL *s)
> > [...skipped]
> >   n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
> >    SSL3_RT_MAX_PACKET_SIZE,0);
> >   if (n <= 0) return(n); /* error or non-blocking */
> >   s->rstate=SSL_ST_READ_BODY;
> >
> >   p=s->packet;
> >
> >   /* Pull apart the header into the SSL3_RECORD */
> >   rr->type= *(p++);
> >   ssl_major= *(p++);            <-- WRONG!!
> >   ssl_minor= *(p++);            <-- WRONG!!
> >   version=(ssl_major<<8)|ssl_minor;
> >   n2s(p,rr->length);
> >
> > If you are smart enough, you will see that ssl_major and ssl_minor are
> > wrongly assigned and will NEVER get the correct version. Because the
> > version number is stored at the 3rd and the 4th byte of p.
>
> According to what specification?!  According to RFC 2246 (and,
> similarly, the SSL 3.0 drafts), the version number immediately follows
> the ContentType byte.  And that's also where it is located in real life:
>
> $ openssl s_client -debug -connect www.microsoft.com:443
> [...]
> read from 00156C48 [0015E320] (7 bytes => 7 (0x7))
> 0000 - 16 03 01 02 a9 02                                 ......
> 0007 - <SPACES/NULS>
> [...]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>



                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * [EMAIL PROTECTED]
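Added example, not part of the original messages and not OpenSSL code: a small parser for the 5-byte SSL 3.0/TLS record header laid out as the reply above describes (ContentType, then the two version bytes, then the length), run over the first five bytes of the quoted s_client dump. The SSLv2-style sample bytes and all names (classify_header, record_hdr, hdr_kind) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of classifying the first bytes read from a peer (hypothetical names). */
enum hdr_kind { HDR_SSL3_TLS, HDR_SSL2_LIKE, HDR_UNKNOWN, HDR_SHORT };

struct record_hdr {
    uint8_t  type;    /* ContentType, e.g. 0x16 = handshake */
    uint8_t  major;   /* ProtocolVersion.major */
    uint8_t  minor;   /* ProtocolVersion.minor */
    uint16_t length;  /* fragment length, big-endian on the wire */
};

/* SSL 3.0 / TLS record header: byte 0 = type, bytes 1-2 = version,
 * bytes 3-4 = length (RFC 2246, section 6.2.1). */
enum hdr_kind classify_header(const uint8_t *p, size_t n, struct record_hdr *out)
{
    if (n < 5)
        return HDR_SHORT;
    /* ContentType 20..23 followed by major version 3 */
    if (p[0] >= 20 && p[0] <= 23 && p[1] == 3) {
        out->type   = p[0];
        out->major  = p[1];
        out->minor  = p[2];
        out->length = (uint16_t)((p[3] << 8) | p[4]);
        return HDR_SSL3_TLS;
    }
    /* SSLv2 2-byte header: high bit of byte 0 set, 15-bit length,
     * then the message type; 1 = CLIENT-HELLO. */
    if ((p[0] & 0x80) && p[2] == 1)
        return HDR_SSL2_LIKE;
    return HDR_UNKNOWN;
}

int main(void)
{
    /* First five bytes of the s_client -debug dump quoted in the thread. */
    const uint8_t seen[] = { 0x16, 0x03, 0x01, 0x02, 0xa9 };
    /* Constructed sample: start of an SSLv2-style CLIENT-HELLO. */
    const uint8_t v2[] = { 0x80, 0x2e, 0x01, 0x00, 0x02 };
    struct record_hdr h;

    if (classify_header(seen, sizeof seen, &h) == HDR_SSL3_TLS)
        printf("type=%u version=%u.%u length=%u\n", h.type, h.major, h.minor, h.length);
    printf("v2 sample kind=%d\n", classify_header(v2, sizeof v2, &h));
    return 0;
}
```

Read as an SSL 3.0 header, the constructed SSLv2 sample would put 0x2e 0x01 in the version position, which is not a 3.x version.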

