提交 f6663338 编写于 作者: M Matt Caswell

Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS...

Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read.

Problem identified by Emilia Käsper, based on previous issue/patch by Adam
Langley.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
上级 b74d1d26
...@@ -668,7 +668,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) ...@@ -668,7 +668,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
/* read the body of the fragment (header has already been read */ /* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
frag->fragment + msg_hdr->frag_off,frag_len,0); frag->fragment + msg_hdr->frag_off,frag_len,0);
if (i<=0 || (unsigned long)i!=frag_len) if ((unsigned long)i!=frag_len)
i=-1;
if (i<=0)
goto err; goto err;
RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册