aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/s3_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/ssl/s3_pkt.c')
-rw-r--r--openssl/ssl/s3_pkt.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/openssl/ssl/s3_pkt.c b/openssl/ssl/s3_pkt.c
index 7c9f20c8f..25cf929a5 100644
--- a/openssl/ssl/s3_pkt.c
+++ b/openssl/ssl/s3_pkt.c
@@ -347,11 +347,22 @@ static int ssl3_get_record(SSL *s)
if (version != s->version) {
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
if ((s->version & 0xFF00) == (version & 0xFF00)
- && !s->enc_write_ctx && !s->write_hash)
+ && !s->enc_write_ctx && !s->write_hash) {
+ if (rr->type == SSL3_RT_ALERT) {
+ /*
+ * The record is using an incorrect version number, but
+ * what we've got appears to be an alert. We haven't
+ * read the body yet to check whether its a fatal or
+ * not - but chances are it is. We probably shouldn't
+ * send a fatal alert back. We'll just end.
+ */
+ goto err;
+ }
/*
* Send back error using their minor version number :-)
*/
s->version = (unsigned short)version;
+ }
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}