From 014baa8a6dec5956416baad5af4ddda13bf74341 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Wed, 18 May 2022 15:26:04 +0100
Subject: [PATCH] Disallow SSL2_VERSION record version in an SSLv3 record header

When validate_record_header() gets called it should be able to rely on the fact that an SSLv2 record version means that the record was received in SSLv2 format.

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18132)
---
 ssl/record/methods/tls_common.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index c80dd63631b..703a9e0715e 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -517,6 +517,18 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl,
 thisrr->type = type;
 thisrr->rec_version = version;
 
+ /*
+ * When we call validate_record_header() only records actually
+ * received in SSLv2 format should have the record version set
+ * to SSL2_VERSION. This way validate_record_header() can know
+ * what format the record was in based on the version.
+ */
+ if (thisrr->rec_version == SSL2_VERSION) {
+ RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
+ SSL_R_WRONG_VERSION_NUMBER);
+ return OSSL_RECORD_RETURN_FATAL;
+ }
+
 if (s->msg_callback)
 s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ssl,
 s->msg_callback_arg);
-- 
2.47.2
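Review bot: The new `return OSSL_RECORD_RETURN_FATAL;` comes before the `s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ...)` call that follows it, so a header rejected for claiming SSL2_VERSION is never passed to the message callback and will be missing from any trace or log built on that callback. If that is intended, say so in the comment, e.g. `* The header is rejected before msg_callback is invoked for it.`; otherwise consider moving the check below the callback so the rejected header is still recorded. The diffstat lists only tls_common.c, so a regression test that feeds an SSLv3-format header carrying SSL2_VERSION and expects the protocol_version alert would be worth adding alongside. tls_get_more_records() starts and ends outside this hunk, so whether the other header checks follow the same ordering is not visible here.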