Don't try to reconnect SSLv2 over DTLS (UDP). Fixes #1543

2026-01-09 16:09:03 +00:00 · 2019-04-08 22:29:47 +00:00
parent d014a474dc
commit 7b523f0643
2 changed files with 5 additions and 1 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-

+o [Nsock][GH#1543] Avoid a crash (Protocol not supported) caused by trying to
+  reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel Miller]
+
 o [NSE][GH#1016][GH#1082] New script http-hp-ilo-info to extract information
  from HP Integrated Lights-Out (iLO) servers. [rajeevrmenon97]

--- a/nsock/src/nsock_core.c
+++ b/nsock/src/nsock_core.c
@@ -459,7 +459,8 @@ void handle_connect_result(struct npool *ms, struct nevent *nse, enum nse_status
        nse->sslinfo.ssl_desire = sslerr;
        socket_count_write_inc(iod);
        update_events(iod, ms, nse, EV_WRITE, EV_NONE);
-      } else if (!(options & SSL_OP_NO_SSLv2)) {
+      } else if (iod->lastproto != IPPROTO_UDP && !(options & SSL_OP_NO_SSLv2)) {
+        /* SSLv2 does not apply to DTLS, so ensure lastproto was not UDP. */
        int saved_ev;

        /* SSLv3-only and TLSv1-only servers can't be connected to when the