author | Rainer Jung <rainer.jung@kippdata.de> | 2016-02-13 08:03:23 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-02-13 14:29:26 -0500 |
commit | 124f6ff4c248842f52fa45b21efe58159413e8f7 (patch) | |
tree | 8b0ab947c5eff955a3b42d55449fb13e5b01544d /ssl | |
parent | f0ff328e360f56d8a79cbb61b2931a13fb7199c2 (diff) | |
RT4304: Look for plaintext HTTP
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/ssl3_record.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 60e8042..919202a 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -274,6 +274,21 @@ int ssl3_get_record(SSL *s)
 }
 if ((version >> 8) != SSL3_VERSION_MAJOR) {
+ if (s->first_packet) {
+ /* Go back to start of packet, look at the five bytes
+ * that we have. */
+ p = RECORD_LAYER_get_packet(&s->rlayer);
+ if (strncmp((char *)p, "GET ", 4) == 0 ||
+ strncmp((char *)p, "POST ", 5) == 0 ||
+ strncmp((char *)p, "HEAD ", 5) == 0 ||
+ strncmp((char *)p, "PUT ", 4) == 0) {
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_HTTP_REQUEST);
+ goto err;
+ } else if (strncmp((char *)p, "CONNE", 5) == 0) {
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_HTTPS_PROXY_REQUEST);
+ goto err;
+ }
+ }
 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
 goto err;
 } |
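Review bot: The added `strncmp` calls treat the raw record buffer returned by `RECORD_LAYER_get_packet` as a C string, and they are only safe if at least five bytes have already been read into it. The hunk does not show that read, because ssl3_get_record begins and ends outside it. Since these are unterminated bytes from the peer, `memcmp(p, "GET ", 4) == 0` (and likewise for the other methods) expresses the bounded comparison directly and drops the `(char *)` casts. The comment should also say why five is safe, for example `/* the 5-byte record header is already buffered, so p[0..4] are valid */`, and presumably tie the literal to `SSL3_RT_HEADER_LENGTH` so the bound cannot drift from the header size.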