kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Same fix as in dtls1_process_out_of_seq_message.

Browse Source 
Applying same fix as in dtls1_process_out_of_seq_message. A truncated
DTLS fragment would cause *ok to be clear, but the return value would
still be the number of bytes read.

Problem identified by Emilia Käsper, based on previous issue/patch by Adam
Langley.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

(Imported from upstream's 3d5dceac430d7b9b273331931d4d2303f5a2256f)

Change-Id: Ibe30716266e2ee1489c98b922cf53edda096c23c
Reviewed-on: https://boringssl-review.googlesource.com/1437
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Matt Caswell 2014-07-24 23:54:28 +01:00 committed by Adam Langley
parent 8506609ca3
commit e24f686e31
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/d1_both.c
View File

@ -670,7 +670,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
/* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
frag->fragment + msg_hdr->frag_off,frag_len,0);
if (i<=0 || (unsigned long)i!=frag_len)
if ((unsigned long)i!=frag_len)
i=-1;
if (i<=0)
goto err;
RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,