|
|
fd2893 |
diff -up openssl-1.0.2k/ssl/s3_srvr.c.long-hello openssl-1.0.2k/ssl/s3_srvr.c
|
|
|
fd2893 |
--- openssl-1.0.2k/ssl/s3_srvr.c.long-hello 2017-03-09 17:59:26.000000000 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/ssl/s3_srvr.c 2017-03-30 09:11:35.639338753 +0200
|
|
|
fd2893 |
@@ -899,6 +899,23 @@ int ssl3_send_hello_request(SSL *s)
|
|
|
fd2893 |
return ssl_do_write(s);
|
|
|
fd2893 |
}
|
|
|
fd2893 |
|
|
|
fd2893 |
+/*
|
|
|
fd2893 |
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
|
|
|
fd2893 |
+ * calculated as follows:
|
|
|
fd2893 |
+ *
|
|
|
fd2893 |
+ * 2 + # client_version
|
|
|
fd2893 |
+ * 32 + # only valid length for random
|
|
|
fd2893 |
+ * 1 + # length of session_id
|
|
|
fd2893 |
+ * 32 + # maximum size for session_id
|
|
|
fd2893 |
+ * 2 + # length of cipher suites
|
|
|
fd2893 |
+ * 2^16-2 + # maximum length of cipher suites array
|
|
|
fd2893 |
+ * 1 + # length of compression_methods
|
|
|
fd2893 |
+ * 2^8-1 + # maximum length of compression methods
|
|
|
fd2893 |
+ * 2 + # length of extensions
|
|
|
fd2893 |
+ * 2^16-1 # maximum length of extensions
|
|
|
fd2893 |
+ */
|
|
|
fd2893 |
+#define CLIENT_HELLO_MAX_LENGTH 131396
|
|
|
fd2893 |
+
|
|
|
fd2893 |
int ssl3_get_client_hello(SSL *s)
|
|
|
fd2893 |
{
|
|
|
fd2893 |
int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1, cookie_valid = 0;
|
|
|
fd2893 |
@@ -930,7 +947,7 @@ int ssl3_get_client_hello(SSL *s)
|
|
|
fd2893 |
SSL3_ST_SR_CLNT_HELLO_B,
|
|
|
fd2893 |
SSL3_ST_SR_CLNT_HELLO_C,
|
|
|
fd2893 |
SSL3_MT_CLIENT_HELLO,
|
|
|
fd2893 |
- SSL3_RT_MAX_PLAIN_LENGTH, &ok;;
|
|
|
fd2893 |
+ CLIENT_HELLO_MAX_LENGTH, &ok;;
|
|
|
fd2893 |
|
|
|
fd2893 |
if (!ok)
|
|
|
fd2893 |
return ((int)n);
|