diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-29 02:21:50 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-29 02:21:50 +0900 |
commit | fbb5b7a6aee9a2afb7feb98885abedf066639f8a (patch) | |
tree | 26bb5e78bd5c14b1701b8a9ad3a6d381ce9bdc76 /ssl/d1_both.c | |
parent | 814931e32985229c74c5309f805d62a859fa00a8 (diff) | |
parent | 7fb82d06746f7503323a7846448e095bf8f5ef9e (diff) | |
download | openssl-fbb5b7a6aee9a2afb7feb98885abedf066639f8a.tar.gz |
Merge branch 'OpenSSL_1_0_2-stable' of https://github.com/openssl/openssl into OpenSSL_1_0_2-stableOpenSSL_1_0_2-stable
* 'OpenSSL_1_0_2-stable' of https://github.com/openssl/openssl: (57 commits)
SRP_create_verifier does not check for NULL before OPENSSL_cleanse
Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c
Fix a few leaks in X509_REQ_to_X509. Fix a possible leak on NETSCAPE_SPKI_verify failure.
Add basic test for Cisco DTLS1_BAD_VER and record replay handling
Fix ubsan 'left shift of negative value -1' error in satsub64be()
Fix SSL_export_keying_material() for DTLS1_BAD_VER
Fix the no-tls1 option
ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb.
ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.
Always use session_ctx when removing a session
Avoid overflow in MDC2_Update()
SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM
Fix no-ec
Sanity check ticket length.
mk1mf: dtlstest needs ssltestlib, include it with a hack
Don't check for malloc failure twice.
Fix overflow check in BN_bn2dec()
RT2676: Reject RSA eponent if even or 1
VMS: Use strict refdef extern model when building library object files
...
Diffstat (limited to 'ssl/d1_both.c')
-rw-r--r-- | ssl/d1_both.c | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index b5900dea8f..46c70d8ad5 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -618,11 +618,23 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) int al; *ok = 0; - item = pqueue_peek(s->d1->buffered_messages); - if (item == NULL) - return 0; + do { + item = pqueue_peek(s->d1->buffered_messages); + if (item == NULL) + return 0; + + frag = (hm_fragment *)item->data; + + if (frag->msg_header.seq < s->d1->handshake_read_seq) { + /* This is a stale message that has been buffered so clear it */ + pqueue_pop(s->d1->buffered_messages); + dtls1_hm_fragment_free(frag); + pitem_free(item); + item = NULL; + frag = NULL; + } + } while (item == NULL); - frag = (hm_fragment *)item->data; /* Don't return if reassembly still in progress */ if (frag->reassembly != NULL) @@ -1211,7 +1223,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, unsigned long header_length; unsigned char seq64be[8]; struct dtls1_retransmit_state saved_state; - unsigned char save_write_sequence[8]; + unsigned char save_write_sequence[8] = {0, 0, 0, 0, 0, 0, 0, 0}; /*- OPENSSL_assert(s->init_num == 0); @@ -1296,18 +1308,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, return ret; } -/* call this function when the buffered messages are no longer needed */ -void dtls1_clear_record_buffer(SSL *s) -{ - pitem *item; - - for (item = pqueue_pop(s->d1->sent_messages); - item != NULL; item = pqueue_pop(s->d1->sent_messages)) { - dtls1_hm_fragment_free((hm_fragment *)item->data); - pitem_free(item); - } -} - unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, unsigned long len, unsigned long frag_off, @@ -1546,6 +1546,8 @@ int dtls1_heartbeat(SSL *s) * - Padding */ buf = OPENSSL_malloc(1 + 2 + payload + padding); + if (buf == NULL) + goto err; p = buf; /* Message Type */ *p++ = TLS1_HB_REQUEST; |