Fix DTLS1_BAD_VER regression
Commit9cf0f187
in HEAD, and68039af3
in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3703 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit5178a16c43
)
This commit is contained in:
parent
d6ca1cee8b
commit
ae3fcdf1e5
1 changed files with 3 additions and 1 deletions
|
@ -1108,8 +1108,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
|
|||
memcpy(frag->fragment, s->init_buf->data, s->init_num);
|
||||
|
||||
if (is_ccs) {
|
||||
/* For DTLS1_BAD_VER the header length is non-standard */
|
||||
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
|
||||
DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
|
||||
((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)
|
||||
== (unsigned int)s->init_num);
|
||||
} else {
|
||||
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
|
||||
DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
|
||||
|
|
Loading…
Reference in a new issue