Process signature algorithms in ClientHello late.

[oweals/openssl.git] / ssl / d1_both.c

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 29df26e99a35f054081240dfae844f40e297fd5a..3819527e743bdeffd84a50be721a143fd2d8f7d9 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -604,7 +604,7 @@ static unsigned long dtls1_max_handshake_message_len(const SSL *s)
        }
 
 static int
-dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
        {
        hm_fragment *frag = NULL;
        pitem *item = NULL;
@@ -668,7 +668,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
        /* read the body of the fragment (header has already been read */
        i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
                frag->fragment + msg_hdr->frag_off,frag_len,0);
-       if (i<=0 || (unsigned long)i!=frag_len)
+       if ((unsigned long)i!=frag_len)
+               i=-1;
+       if (i<=0)
                goto err;
 
        RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
@@ -685,10 +687,6 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
 
        if (item == NULL)
                {
-               memset(seq64be,0,sizeof(seq64be));
-               seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
-               seq64be[7] = (unsigned char)(msg_hdr->seq);
-
                item = pitem_new(seq64be, frag);
                if (item == NULL)
                        {
@@ -714,7 +712,7 @@ err:
 
 
 static int
-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
 {
        int i=-1;
        hm_fragment *frag = NULL;
@@ -734,7 +732,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
        /* If we already have an entry and this one is a fragment,
         * don't discard it and rather try to reassemble it.
         */
-       if (item != NULL && frag_len < msg_hdr->msg_len)
+       if (item != NULL && frag_len != msg_hdr->msg_len)
                item = NULL;
 
        /* Discard the message if sequence number was already there, is
@@ -759,7 +757,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                }
        else
                {
-               if (frag_len < msg_hdr->msg_len)
+               if (frag_len != msg_hdr->msg_len)
                        return dtls1_reassemble_fragment(s, msg_hdr, ok);
 
                if (frag_len > dtls1_max_handshake_message_len(s))
@@ -782,10 +780,6 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                                goto err;
                        }
 
-               memset(seq64be,0,sizeof(seq64be));
-               seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
-               seq64be[7] = (unsigned char)(msg_hdr->seq);
-
                item = pitem_new(seq64be, frag);
                if ( item == NULL)
                        goto err;
@@ -1369,6 +1363,9 @@ dtls1_process_heartbeat(SSL *s)
        /* Read type and payload length first */
        if (1 + 2 + 16 > s->s3->rrec.length)
                return 0; /* silently discard */
+       if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
+               return 0; /* silently discard per RFC 6520 sec. 4 */
+
        hbtype = *p++;
        n2s(p, payload);
        if (1 + 2 + payload + 16 > s->s3->rrec.length)