From 5c168710acb6d249834a60d8b3c60a2ec497b816 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 13 Jul 2009 11:44:30 +0000
Subject: [PATCH] Update from 1.0.0-stable.

---
 ssl/d1_pkt.c |  7 ++++++-
 ssl/s3_pkt.c | 32 ++++++++++++++++++++++++--------
 2 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 882228c7fd..b9909b417b 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -561,7 +561,12 @@ again:
 		/* read timeout is handled by dtls1_read_bytes */
 		if (n <= 0) return(n); /* error or non-blocking */
 
-		OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);
+		/* this packet contained a partial record, dump it */
+		if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
+			{
+			s->packet_length = 0;
+			goto again;
+			}
 
 		s->rstate=SSL_ST_READ_BODY;
 
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 77cf037eed..928755c82a 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -160,7 +160,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 			if (pkt[0] == SSL3_RT_APPLICATION_DATA
 			    && (pkt[3]<<8|pkt[4]) >= 128)
 				{
-			 	/* Note that even if packet is corrupted
+				/* Note that even if packet is corrupted
 				 * and its length field is insane, we can
 				 * only be led to wrong decision about
 				 * whether memmove will occur or not.
@@ -176,11 +176,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 		/* ... now we can act as if 'extend' was set */
 		}
 
-	/* extend reads should not span multiple packets for DTLS */
-	if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-	     &&	extend)
+	/* For DTLS/UDP reads should not span multiple packets
+	 * because the read operation returns the whole packet
+	 * at once (as long as it fits into the buffer). */
+	if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
 		{
-		if ( left > 0 && n > left)
+		if (left > 0 && n > left)
 			n = left;
 		}
 
@@ -207,15 +208,22 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 		rb->offset = len + align;
 		}
 
-	max = rb->len - rb->offset;
-	if (n > max) /* does not happen */
+	if (n > rb->len - rb->offset) /* does not happen */
 		{
 		SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
 		return -1;
 		}
 
 	if (!s->read_ahead)
-		max=n;
+		/* ignore max parameter */
+		max = n;
+	else
+		{
+		if (max < n)
+			max = n;
+		if (max > rb->len - rb->offset)
+			max = rb->len - rb->offset;
+		}
 
 	while (left < n)
 		{
@@ -244,6 +252,14 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 			return(i);
 			}
 		left+=i;
+		/* reads should *never* span multiple packets for DTLS because
+		 * the underlying transport protocol is message oriented as opposed
+		 * to byte oriented as in the TLS case. */
+		if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+			{
+			if (n > left)
+				n = left; /* makes the while condition false */
+			}
 		}
 
 	/* done reading, now the book-keeping */
-- 
GitLab