From b804565a8512a0217788ca5c0705bfc8a07963de Mon Sep 17 00:00:00 2001
From: jasper <>
Date: Wed, 31 Mar 2010 12:16:44 +0000
Subject: Security fix for CVE-2010-0740

"In TLS connections, certain incorrectly formatted records can cause an OpenSSL
client or server to crash due to a read attempt at NULL."

http://openssl.org/news/secadv_20100324.txt

ok djm@ sthen@
---
 src/lib/libssl/src/ssl/s3_pkt.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index b98b84044f..515739c08c 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -282,9 +282,10 @@ again:
 			if (version != s->version)
 				{
 				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-				/* Send back error using their
-				 * version number :-) */
-				s->version=version;
+                                if ((s->version & 0xFF00) == (version & 0xFF00))
+                                	/* Send back error using their
+					 * minor version number :-) */
+					s->version = (unsigned short)version;
 				al=SSL_AD_PROTOCOL_VERSION;
 				goto f_err;
 				}
-- 
cgit v1.2.3-55-g6feb