Add ticket length before buffering DTLS message

In ssl3_send_new_session_ticket the message to be sent is constructed. We skip adding the length of the session ticket initially, then call ssl_set_handshake_header, and finally go back and add in the length of the ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side effect of buffering the message for subsequent retransmission if required. By adding the ticket length after the call to ssl_set_handshake_header the message that is buffered is incomplete, causing an invalid message to be sent on retransmission. Reviewed-by: N Richard Levitte <levitte@openssl.org>

Add ticket length before buffering DTLS message
In ssl3_send_new_session_ticket the message to be sent is constructed. We skip adding the length of the session ticket initially, then call ssl_set_handshake_header, and finally go back and add in the length of the ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side effect of buffering the message for subsequent retransmission if required. By adding the ticket length after the call to ssl_set_handshake_header the message that is buffered is incomplete, causing an invalid message to be sent on retransmission. Reviewed-by: N Richard Levitte <levitte@openssl.org>
4f9fab6b · Matt Caswell · d5d0a1cb · 4f9fab6b
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

ssl/s3_srvr.c ssl/s3_srvr.c +2 -2

未找到文件。
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3431,11 +3431,11 @@ int ssl3_send_newsession_ticket(SSL *s)
        /* Now write out lengths: p points to end of data written */
        /* Total length */
        len = p - ssl_handshake_start(s);
-        if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
-            goto err;
        /* Skip ticket lifetime hint */
        p = ssl_handshake_start(s) + 4;
        s2n(len - 6, p);
+        if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
+            goto err;
        s->state = SSL3_ST_SW_SESSION_TICKET_B;
        OPENSSL_free(senc);
    }