From: Matt Caswell Date: Wed, 18 May 2022 14:26:04 +0000 (+0100) Subject: Disallow SSL2_VERSION record version in an SSLv3 record header X-Git-Tag: openssl-3.2.0-alpha1~2239 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=014baa8a6dec5956416baad5af4ddda13bf74341;p=thirdparty%2Fopenssl.git Disallow SSL2_VERSION record version in an SSLv3 record header When validate_record_header() gets called it should be able to rely on the fact that an SSLv2 record version means that the record was received in SSLv2 format. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) --- diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index c80dd63631b..703a9e0715e 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -517,6 +517,18 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl, thisrr->type = type; thisrr->rec_version = version; + /* + * When we call validate_record_header() only records actually + * received in SSLv2 format should have the record version set + * to SSL2_VERSION. This way validate_record_header() can know + * what format the record was in based on the version. + */ + if (thisrr->rec_version == SSL2_VERSION) { + RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION, + SSL_R_WRONG_VERSION_NUMBER); + return OSSL_RECORD_RETURN_FATAL; + } + if (s->msg_callback) s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ssl, s->msg_callback_arg);
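Review bot: the new SSL2_VERSION check in tls_get_more_records() returns OSSL_RECORD_RETURN_FATAL before the s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ...) call that follows it, so a registered message callback never sees the 5-byte header of the record that caused the rejection. If header tracing for rejected records is wanted when diagnosing a wrong-version alert, move the check below the callback. Otherwise, extend the comment to say that skipping the callback is intentional. The diff as shown touches only ssl/record/methods/tls_common.c. A regression test that feeds an SSLv3-format header carrying SSL2_VERSION and expects SSL_R_WRONG_VERSION_NUMBER would pin the invariant that validate_record_header() is now meant to rely on.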