Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS...

Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: N Emilia Käsper <emilia@openssl.org>

Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS...
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: N Emilia Käsper <emilia@openssl.org>
f6663338 · Matt Caswell · b74d1d26 · f6663338
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

ssl/d1_both.c ssl/d1_both.c +3 -1

未找到文件。
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -668,7 +668,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 	/* read the body of the fragment (header has already been read */
 	i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
 		frag->fragment + msg_hdr->frag_off,frag_len,0);
-	if (i<=0 || (unsigned long)i!=frag_len)
+	if ((unsigned long)i!=frag_len)
+		i=-1;
+	if (i<=0)
 		goto err;

 	RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,