Disallow SSL2_VERSION record version in an SSLv3 record header

When validate_record_header() gets called it should be able to rely on
the fact that an SSLv2 record version means that the record was received in
SSLv2 format.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index c80dd63631b3f3fdcfdc282ebdcd9f61e3828bf3..703a9e0715e7a6bd8a4add191c384f1b48641495 100644 (file)
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -517,6 +517,18 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl,
                 thisrr->type = type;
                 thisrr->rec_version = version;
 
+                /*
+                 * When we call validate_record_header() only records actually
+                 * received in SSLv2 format should have the record version set
+                 * to SSL2_VERSION. This way validate_record_header() can know
+                 * what format the record was in based on the version.
+                 */
+                if (thisrr->rec_version == SSL2_VERSION) {
+                    RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
+                                SSL_R_WRONG_VERSION_NUMBER);
+                    return OSSL_RECORD_RETURN_FATAL;
+                }
+
                 if (s->msg_callback)
                     s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ssl,
                                     s->msg_callback_arg);