PR: 2218

Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS replay bug.

PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS replay bug.
ff12f88b · Dr. Stephen Henson · 47e6a60e · ff12f88b
隐藏空白更改
内联并排

Showing with 6 addition and 6 deletion

ssl/d1_pkt.c ssl/d1_pkt.c +6 -6

未找到文件。
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -667,14 +667,14 @@ again:
 	if (rr->length == 0) goto again;
 	/* If this record is from the next epoch (either HM or ALERT),
-	 * buffer it since it cannot be processed at this time. Records
+	 * and a handshake is currently in progress, buffer it since it
-	 * from the next epoch are marked as received even though they
+	 * cannot be processed at this time. */
-	 * are not processed, so as to prevent any potential resource
-	 * DoS attack */
 	if (is_next_epoch)
 		{
-		dtls1_record_bitmap_update(s, bitmap);
+		if (SSL_in_init(s) || s->in_handshake)
-		dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+			{
+			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+			}
 		rr->length = 0;
 		s->packet_length = 0;
 		goto again;