generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

If we really get a situation where the underlying mtu is less than the minimum

Browse Source 
we will support then dtls1_do_write can go into an infinite loop. This commit
fixes that.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d3d9eef316)
This commit is contained in:
Matt Caswell
2014-12-02 00:16:55 +00:00
parent 1872083ca1
commit 788a5bad17
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/d1_both.c
View File

@@ -260,6 +260,7 @@ int dtls1_do_write(SSL *s, int type)
{ {
int ret; int ret;
int curr_mtu; int curr_mtu;
int retry = 1;
unsigned int len, frag_off, mac_size, blocksize; unsigned int len, frag_off, mac_size, blocksize;
if(!dtls1_query_mtu(s)) if(!dtls1_query_mtu(s))
@@ -370,13 +371,15 @@ int dtls1_do_write(SSL *s, int type)
* is fine and wait for an alert to handle the * is fine and wait for an alert to handle the
* retransmit * retransmit
*/ */
if ( BIO_ctrl(SSL_get_wbio(s), if ( retry && BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
{ {
if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
{ {
if(!dtls1_query_mtu(s)) if(!dtls1_query_mtu(s))
return -1; return -1;
/* Have one more go */
retry = 0;
} }
else else
return -1; return -1;