From fff7faf1917867f66227260f1ff89df2ee8edf68 Mon Sep 17 00:00:00 2001
From: Martin Nilsson <nilsson@opera.com>
Date: Tue, 31 Mar 2015 19:05:16 +0200
Subject: [PATCH] Don't process any more handshake packages once handshake is completed.
---
 lib/modules/SSL.pmod/Connection.pike | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/lib/modules/SSL.pmod/Connection.pike b/lib/modules/SSL.pmod/Connection.pike
index 93e48e45ee..e04146c2a3 100644
--- a/lib/modules/SSL.pmod/Connection.pike
+++ b/lib/modules/SSL.pmod/Connection.pike
@@ -901,6 +901,19 @@ string(8bit)|int got_data(string(8bit) data)
 return err;
 if (err > 0) {
 state &= ~CONNECTION_handshaking;
+ if( expect_change_cipher && sizeof(handshake_buffer) )
+ {
+ send_packet(alert(ALERT_fatal, ALERT_unexpected_message,
+ "Extraneous handshake packets.\n"));
+ return -1;
+ }
+ if( !secure_renegotiation && sizeof(handshake_buffer) )
+ {
+ send_packet(alert(ALERT_fatal, ALERT_no_renegotiation,
+ "Renegotiation not supported in unsecure "
+ "mode.\n"));
+ return -1;
+ }
 }
 }
 break;
-- 
GitLab
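Review bot: Both new rejection paths return -1 only after `state &= ~CONNECTION_handshaking;` has already run, so a connection that is being aborted for extraneous handshake data is still marked as having completed its handshake. Whether anything can call back into this object after the fatal alert is not visible here (got_data starts and ends outside the hunk), but failing closed is cheap: move `state &= ~CONNECTION_handshaking;` below the two `sizeof(handshake_buffer)` checks so the flag is cleared only when the buffer passed them. The second check also leaves buffered bytes in place whenever `secure_renegotiation` is set; if that is intended, a comment such as `// Leftover handshake data is only acceptable as the start of a secure renegotiation.` above it would record the reasoning. The commit adds no test feeding trailing handshake bytes after the final handshake message, which would pin down both alerts.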