PR: 1829
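--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -277,11 +277,7 @@ again:
 n2s(p,rr->length);
 /* Lets check version */
-if (s->first_packet)
-{
-s->first_packet=0;
-}
-else
+if (!s->first_packet)
 {
 if (version != s->version)
 {
@@ -757,8 +753,15 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 s->rwstate=SSL_NOTHING;
 return(s->s3->wpend_ret);
 }
-else if (i <= 0)
+else if (i <= 0) {
+if (s->version == DTLS1_VERSION ||
+s->version == DTLS1_BAD_VER) {
+/* For DTLS, just drop it. That's kind of the whole
+point in using a datagram service */
+s->s3->wbuf.left = 0;
+}
 return(i);
+}
 s->s3->wbuf.offset+=i;
 s->s3->wbuf.left-=i;
 }
@@ -1229,6 +1232,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
 if (s->s3->tmp.key_block == NULL)
 {
+if (s->session == NULL)
+{
+/* might happen if dtls1_read_bytes() calls this */
+SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+return (0);
+}
+
 s->session->cipher=s->s3->tmp.new_cipher;
 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
 }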
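Review bot: The guard added in ssl3_do_change_cipher_spec (third hunk) rejects only `s->session == NULL`, so a ChangeCipherSpec that arrives once a session object exists but before a master secret has been established would still fall through to `setup_key_block(s)` and could derive the key block from an empty secret. `s->s3->tmp.new_cipher` is also copied into the session without a NULL check. Whether that state is reachable depends on callers that are not visible on this page, but rejecting it here is cheaper than auditing every caller: `if (s->session == NULL || s->session->master_key_length == 0)`. The function continues past the end of the hunk, so any later use of `s->session` outside the `key_block == NULL` branch cannot be checked from here.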