generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR: 1984

Browse Source 
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org

Don't concatenate reads in DTLS.
This commit is contained in:
Dr. Stephen Henson 2009-07-13 11:44:04 +00:00
parent 0190aa7353
commit cddd00166c
2 changed files with 30 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ssl/d1_pkt.c
View File

@ -561,7 +561,12 @@ again:
/* read timeout is handled by dtls1_read_bytes */ /* read timeout is handled by dtls1_read_bytes */
if (n <= 0) return(n); /* error or non-blocking */ if (n <= 0) return(n); /* error or non-blocking */
OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH); /* this packet contained a partial record, dump it */
if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
{
s->packet_length = 0;
goto again;
}
s->rstate=SSL_ST_READ_BODY; s->rstate=SSL_ST_READ_BODY;

32
ssl/s3_pkt.c
View File

@ -160,7 +160,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
if (pkt[0] == SSL3_RT_APPLICATION_DATA if (pkt[0] == SSL3_RT_APPLICATION_DATA
&& (pkt[3]<<8|pkt[4]) >= 128) && (pkt[3]<<8|pkt[4]) >= 128)
{ {
/* Note that even if packet is corrupted /* Note that even if packet is corrupted
* and its length field is insane, we can * and its length field is insane, we can
* only be led to wrong decision about * only be led to wrong decision about
* whether memmove will occur or not. * whether memmove will occur or not.
@ -176,11 +176,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
/* ... now we can act as if 'extend' was set */ /* ... now we can act as if 'extend' was set */
} }
/* extend reads should not span multiple packets for DTLS */ /* For DTLS/UDP reads should not span multiple packets
if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) * because the read operation returns the whole packet
&& extend) * at once (as long as it fits into the buffer). */
if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{ {
if ( left > 0 && n > left) if (left > 0 && n > left)
n = left; n = left;
} }
@ -207,15 +208,22 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
rb->offset = len + align; rb->offset = len + align;
} }
max = rb->len - rb->offset; if (n > rb->len - rb->offset) /* does not happen */
if (n > max) /* does not happen */
{ {
SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
if (!s->read_ahead) if (!s->read_ahead)
max=n; /* ignore max parameter */
max = n;
else
{
if (max < n)
max = n;
if (max > rb->len - rb->offset)
max = rb->len - rb->offset;
}
while (left < n) while (left < n)
{ {
@ -244,6 +252,14 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
return(i); return(i);
} }
left+=i; left+=i;
/* reads should *never* span multiple packets for DTLS because
* the underlying transport protocol is message oriented as opposed
* to byte oriented as in the TLS case. */
if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
if (n > left)
n = left; /* makes the while condition false */
}
} }
/* done reading, now the book-keeping */ /* done reading, now the book-keeping */