mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix DTLS1_BAD_VER regression

Browse Source 
Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check
from dtls1_buffer_message() which was needed to distinguish between DTLS
1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER).

Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3703

Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell 2015-03-02 14:34:19 +00:00
parent a8ae0891d4
commit 5178a16c43
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/d1_both.c
View File

@ -1086,8 +1086,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
memcpy(frag->fragment, s->init_buf->data, s->init_num);
if (is_ccs) {
/* For DTLS1_BAD_VER the header length is non-standard */
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)
== (unsigned int)s->init_num);
} else {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);