generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR: 2218

Browse Source 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.
This commit is contained in:
Dr. Stephen Henson
2010-04-06 12:44:44 +00:00
parent 56e930eb03
commit 5e613d5411
1 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ssl/d1_pkt.c
View File

@@ -624,14 +624,15 @@ again:
/* just read a 0 length packet */ /* just read a 0 length packet */
if (rr->length == 0) goto again; if (rr->length == 0) goto again;
/* If this record is from the next epoch (either HM or ALERT), buffer it /* If this record is from the next epoch (either HM or ALERT),
* since it cannot be processed at this time. * and a handshake is currently in progress, buffer it since it
* Records from the next epoch are marked as received even though they are * cannot be processed at this time. */
* not processed, so as to prevent any potential resource DoS attack */
if (is_next_epoch) if (is_next_epoch)
{ {
dtls1_record_bitmap_update(s, bitmap); if (SSL_in_init(s) || s->in_handshake)
dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num); {
dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
}
rr->length = 0; rr->length = 0;
s->packet_length = 0; s->packet_length = 0;
goto again; goto again;