From 6abb0d1f8e702a0daa9c32b8021d01eda0483018 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 1 Dec 2014 11:41:25 +0000 Subject: [PATCH] The first call to query the mtu in dtls1_do_write correctly checks that the mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent. Reviewed-by: Tim Hudson --- ssl/d1_both.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 5fba38d37e..9a981e82ae 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -224,13 +224,8 @@ void dtls1_hm_fragment_free(hm_fragment *frag) OPENSSL_free(frag); } -/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ -int dtls1_do_write(SSL *s, int type) - { - int ret; - int curr_mtu; - unsigned int len, frag_off, mac_size, blocksize; - +static void dtls1_query_mtu(SSL *s) +{ /* AHA! Figure out the MTU, and stick to the right size */ if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { @@ -247,6 +242,16 @@ int dtls1_do_write(SSL *s, int type) s->d1->mtu, NULL); } } +} + +/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ +int dtls1_do_write(SSL *s, int type) + { + int ret; + int curr_mtu; + unsigned int len, frag_off, mac_size, blocksize; + + dtls1_query_mtu(s); #if 0 mtu = s->d1->mtu; @@ -357,8 +362,7 @@ int dtls1_do_write(SSL *s, int type) BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) { if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); + dtls1_query_mtu(s); else return -1; } -- GitLab