andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Oops, wrong validation

Browse Source
This commit is contained in:
Trustin Lee 2010-03-03 09:17:30 +00:00
parent 6aa6694822
commit 8c81a1c8d8
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/org/jboss/netty/handler/ssl/SslHandler.java
View File

@ -539,7 +539,8 @@ public class SslHandler extends FrameDecoder
if (majorVersion >= 3 && majorVersion < 10) { if (majorVersion >= 3 && majorVersion < 10) {
// SSLv3 or TLS // SSLv3 or TLS
packetLength = (buffer.getShort(buffer.readerIndex() + 3) & 0xFFFF) + 5; packetLength = (buffer.getShort(buffer.readerIndex() + 3) & 0xFFFF) + 5;
if (packetLength == 0) { if (packetLength <= 5) {
// Neither SSLv2 or TLSv1 (i.e. SSLv2 or bad data)
tls = false; tls = false;
} }
} else { } else {
@ -562,14 +563,14 @@ public class SslHandler extends FrameDecoder
} else { } else {
packetLength = (buffer.getShort(buffer.readerIndex()) & 0x3FFF) + 3; packetLength = (buffer.getShort(buffer.readerIndex()) & 0x3FFF) + 3;
} }
if (packetLength == 0) { if (packetLength <= headerLength) {
sslv2 = false; sslv2 = false;
} }
} else { } else {
sslv2 = false; sslv2 = false;
} }
if (sslv2) { if (!sslv2) {
// Bad data - discard the buffer and raise an exception. // Bad data - discard the buffer and raise an exception.
SSLException e = new SSLException( SSLException e = new SSLException(
"not an SSL/TLS record: " + ChannelBuffers.hexDump(buffer)); "not an SSL/TLS record: " + ChannelBuffers.hexDump(buffer));