The first call to query the mtu in dtls1_do_write correctly checks that the

mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 6abb0d1f8e)
2014-12-01 11:41:25 +00:00 · 2014-12-01 11:41:25 +00:00 · 80d09058af
commit 80d09058af
parent 3cc0c0d21c
1 changed files with 13 additions and 9 deletions
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@ -224,13 +224,8 @@ void dtls1_hm_fragment_free(hm_fragment *frag)
 	OPENSSL_free(frag);
 	}

-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int dtls1_do_write(SSL *s, int type)
-	{
-	int ret;
-	int curr_mtu;
-	unsigned int len, frag_off, mac_size, blocksize;
-
+static void dtls1_query_mtu(SSL *s)
+{
 	/* AHA!  Figure out the MTU, and stick to the right size */
 	if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
 		{
@ -247,6 +242,16 @@ int dtls1_do_write(SSL *s, int type)
 				s->d1->mtu, NULL);
 			}
 		}
+}
+
+/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+int dtls1_do_write(SSL *s, int type)
+	{
+	int ret;
+	int curr_mtu;
+	unsigned int len, frag_off, mac_size, blocksize;
+
+	dtls1_query_mtu(s);
 #if 0 
 	mtu = s->d1->mtu;

@ -357,8 +362,7 @@ int dtls1_do_write(SSL *s, int type)
 				BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
 				{
 				if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
-					s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
-						BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+					dtls1_query_mtu(s);
 				else
 					return -1;
 				}