*** ssl_connection.erl 2007-11-26 10:11:33.000000000 -0300
--- new/ssl_connection.erl 2008-02-20 15:19:00.000000000 -0300
***************
*** 1318,1323 ****
--- 1318,1333 ----
  _/binary>>, _) when (Flags band 1) == 1 ->
  {Size + ?CDR_HDR_SIZE, 0};
+ check_packet(asn1, <<>>, BytesToRead) ->
+ {BytesToRead+1,0};
+
+ check_packet(asn1,Buffer,BytesToRead) ->
+ case asn1_packet_length(Buffer) of
+ {ok,Length} -> {Length,0};
+ not_enough_data -> {BytesToRead+1,0}
+ %%packet header incomplete, needs more data to extract packet length
+ end;
+
  check_packet(line, Buffer, BytesToRead) ->
  case upto_newline(Buffer) of
  <<>> ->
***************
*** 1334,1339 ****
--- 1344,1365 ----
  upto_newline(<<>>) ->
  <<>>.
+ asn1_packet_length(Buffer) ->
+ try asn1rt_ber_bin:decode_tag_and_length(Buffer) of
+ {Tag, Len,_Rest,RemovedBytes} -> {ok,Len+RemovedBytes}
+ catch
+ _Type:_Error ->
+ if
+ (size(Buffer) > ?MAX_ASN1_HEADER) ->
+ throw({asn1_packet_header_maxsize,Buffer});
+ %%MAX_ASN1_HEADER used as hard limit for the length of the packet
+ %%header,to prevent from malicious code trying DoS attacks.
+ %%This isn't in the BER encoding specification, so MAX_ASN1_HEADER
+ %%should be big enough to not discard valid packets.
+ true -> not_enough_data
+ end
+ end.
+
  opposite_role(client) ->
  server;
  opposite_role(server) ->
*** ssl_internal.hrl 2007-11-26 10:11:34.000000000 -0300
--- new/ssl_internal.hrl 2008-02-20 15:18:03.000000000 -0300
***************
*** 48,53 ****
--- 48,58 ----
  -define(DEFAULT_SUPPORTED_VERSIONS, [sslv3]). % TODO: This is temporary
  %-define(DEFAULT_SUPPORTED_VERSIONS, ['tlsv1.1', tlsv1, sslv3]).
+ -define(MAX_ASN1_HEADER,256).
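Review bot: The comment `%%packet header incomplete, needs more data to extract packet length` is placed after the `not_enough_data -> {BytesToRead+1,0}` clause, between it and `end`, so it reads as trailing the wrong line; move it directly above the `not_enough_data` clause it explains. Both asn1 clauses ask for `BytesToRead+1`, one extra byte per read while the header is incomplete; that stays bounded because asn1_packet_length caps the header at ?MAX_ASN1_HEADER, but if the one-byte step is intentional a short comment saying so would save the next reader the same question. The remaining check_packet clauses lie outside this hunk.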
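Review bot: `catch _Type:_Error ->` in asn1_packet_length treats every exception from `asn1rt_ber_bin:decode_tag_and_length/1` as "header incomplete", so a malformed (not merely short) header is re-read until the buffer exceeds ?MAX_ASN1_HEADER and only then rejected; if the decoder raises a specific class or reason for malformed input, matching it (for example `error:_ ->` if that is what it raises) and stating the bound in a comment would make the intent explicit. `size(Buffer)` should be `byte_size(Buffer)`, and `Tag` in the `of` pattern is unused and will produce a compiler warning, so write `_Tag`. The thrown term carries the entire peer-supplied `Buffer`; `throw({asn1_packet_header_maxsize, byte_size(Buffer)})` keeps untrusted bytes out of crash reports and logs, and since the handler for this throw is outside the hunk it should be confirmed one exists, otherwise the connection process exits with a `nocatch` error. The decoded `Len` is returned without any bound, so a peer can announce an arbitrarily large packet; if a maximum packet size is enforced elsewhere in the connection that is fine, otherwise this is the place to cap it.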
+ %%used as hard limit for the length of the asn1 packet header,
+ %%Max length of the length field: 128bytes (defined, ber encoding rules)
+ %%Max length of the Tag field: 128bytes (imposed here to prevent DoS)
+
  -record(ssl_options, {
  verify, %
  depth, %
*** ssl.erl 2007-11-26 10:08:39.000000000 -0300
--- new/ssl.erl 2008-02-20 15:24:44.000000000 -0300
***************
*** 569,574 ****
--- 569,575 ----
  Value == 1; Value == 2; Value == 4;
+ Value == asn1;
  Value == cdr; Value == line -> Value;