diff options
Diffstat (limited to 'src/node_crypto_clienthello.cc')
-rw-r--r-- | src/node_crypto_clienthello.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/node_crypto_clienthello.cc b/src/node_crypto_clienthello.cc index 34507858c9..8fbc3161f8 100644 --- a/src/node_crypto_clienthello.cc +++ b/src/node_crypto_clienthello.cc @@ -61,13 +61,15 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) { // Check hello protocol version. Protocol tuples that we know about: // - // (3,0) SSL v3.0 // (3,1) TLS v1.0 // (3,2) TLS v1.1 // (3,3) TLS v1.2 // - if (data[body_offset_ + 4] != 0x03 || data[body_offset_ + 5] > 0x03) + if (data[body_offset_ + 4] != 0x03 || + data[body_offset_ + 5] < 0x01 || + data[body_offset_ + 5] > 0x03) { goto fail; + } if (data[body_offset_] == kClientHello) { if (state_ == kTLSHeader) { |