}
static int
-dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
{
hm_fragment *frag = NULL;
pitem *item = NULL;
/* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
frag->fragment + msg_hdr->frag_off,frag_len,0);
- if (i<=0 || (unsigned long)i!=frag_len)
+ if ((unsigned long)i!=frag_len)
+ i=-1;
+ if (i<=0)
goto err;
RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
if (item == NULL)
{
- memset(seq64be,0,sizeof(seq64be));
- seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
- seq64be[7] = (unsigned char)(msg_hdr->seq);
-
item = pitem_new(seq64be, frag);
if (item == NULL)
{
static int
-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
{
int i=-1;
hm_fragment *frag = NULL;
/* If we already have an entry and this one is a fragment,
* don't discard it and rather try to reassemble it.
*/
- if (item != NULL && frag_len < msg_hdr->msg_len)
+ if (item != NULL && frag_len != msg_hdr->msg_len)
item = NULL;
/* Discard the message if sequence number was already there, is
}
else
{
- if (frag_len < msg_hdr->msg_len)
+ if (frag_len != msg_hdr->msg_len)
return dtls1_reassemble_fragment(s, msg_hdr, ok);
if (frag_len > dtls1_max_handshake_message_len(s))
goto err;
}
- memset(seq64be,0,sizeof(seq64be));
- seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
- seq64be[7] = (unsigned char)(msg_hdr->seq);
-
item = pitem_new(seq64be, frag);
if ( item == NULL)
goto err;
/* Read type and payload length first */
if (1 + 2 + 16 > s->s3->rrec.length)
return 0; /* silently discard */
+ if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+
hbtype = *p++;
n2s(p, payload);
if (1 + 2 + payload + 16 > s->s3->rrec.length)