generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Verify that we have a sensible message len and fail if not

Browse Source 
RT#3592 provides an instance where the OPENSSL_assert that this commit
replaces can be hit. I was able to recreate this issue by forcing the
underlying BIO to misbehave and come back with very small mtu values. This
happens the second time around the while loop after we have detected that the
MTU has been exceeded following the call to dtls1_write_bytes.

Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell 2014-12-01 11:10:38 +00:00
parent 961d2ddb4b
commit cf75017bfd
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/d1_both.c
View File

@ -329,12 +329,18 @@ int dtls1_do_write(SSL *s, int type)
len = s->init_num;
}
if ( len < DTLS1_HM_HEADER_LENGTH )
{
/*
* len is so small that we really can't do anything sensible
* so fail
*/
return -1;
}
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],