Fix DTLS1_BAD_VER regression

Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3703 Reviewed-by: N Tim Hudson <tjh@openssl.org>

Fix DTLS1_BAD_VER regression
Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3703 Reviewed-by: N Tim Hudson <tjh@openssl.org>
5178a16c · Matt Caswell · a8ae0891 · 5178a16c
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

ssl/d1_both.c ssl/d1_both.c +3 -1

未找到文件。
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1086,8 +1086,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
    memcpy(frag->fragment, s->init_buf->data, s->init_num);

    if (is_ccs) {
+        /* For DTLS1_BAD_VER the header length is non-standard */
        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
-                       DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+                       ((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)
+                       == (unsigned int)s->init_num);
    } else {
        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
                       DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);