diff options
author | Matt Caswell <matt@openssl.org> | 2014-07-24 23:54:28 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-08-06 20:36:40 +0100 |
commit | f6663338cb0f5c21b8635d0b84d69554b0f51b56 (patch) | |
tree | 34e7f62d6f62d9d0b9dcf545fea3139ccba36118 /ssl | |
parent | b74d1d260f07bf0836610d6b1a53b32101913886 (diff) | |
download | openssl-new-f6663338cb0f5c21b8635d0b84d69554b0f51b56.tar.gz |
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read.
Problem identified by Emilia Käsper, based on previous issue/patch by Adam
Langley.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_both.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 29df26e99a..c195ee0f55 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -668,7 +668,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, frag->fragment + msg_hdr->frag_off,frag_len,0); - if (i<=0 || (unsigned long)i!=frag_len) + if ((unsigned long)i!=frag_len) + i=-1; + if (i<=0) goto err; RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, |