generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix write failure handling in DTLS1.2

Browse Source 
The DTLS code is supposed to drop packets if we try to write them out but
the underlying BIO write buffers are full. ssl3_write_pending() contains
an incorrect test for DTLS that controls this. The test only checks for
DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which
can later cause an assert to be hit. This commit changes the test to cover
all DTLS versions.

RT#3967

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5e8b24dbfb98ed7c5b355cb6a959906a418e264b)
This commit is contained in:
Matt Caswell 2015-07-29 23:20:56 +01:00
parent 374fd385c2
commit 9e43fe9a2b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s3_pkt.c
View File

@ -1115,7 +1115,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
s->rwstate = SSL_NOTHING;
return (s->s3->wpend_ret);
} else if (i <= 0) {
if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
if (SSL_IS_DTLS(s)) {
/*
* For DTLS, just drop it. That's kind of the whole point in
* using a datagram service