PR: 1962
authorDr. Stephen Henson <steve@openssl.org>
Wed, 1 Jul 2009 11:29:01 +0000 (11:29 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 1 Jul 2009 11:29:01 +0000 (11:29 +0000)
Submitted by: Daniel Mentz <daniel.m@sent.com>
Reviewed by: steve@openssl.org

Fix "for dtls1_get_record() returns a bad record in one edge case" bug.

ssl/d1_pkt.c

index 394daf6258be194483a293a01f23ebdf593f1c53..35e83d8b52dc8e383d60890b861d3c5039873b80 100644 (file)
@@ -623,6 +623,7 @@ again:
                /* this packet contained a partial record, dump it */
                if ( n != i)
                        {
+                       rr->length = 0;
                        s->packet_length = 0;
                        goto again;
                        }
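Review bot: The paired reset `rr->length = 0; s->packet_length = 0;` is now open-coded at three discard sites (this partial-record branch, the `bitmap == NULL` branch and the branch that calls `dtls1_buffer_record()`), and none of them says why the record length must be cleared along with the packet length. A one-line comment at each site would keep a later edit from dropping it, e.g. `/* dropped record: clear rr->length so a stale length is never seen after 'again' */`. Folding the pair into one small static helper would stop the sites drifting apart. The function body starts and ends outside these hunks, so any other path that discards a datagram and jumps to `again` should be checked for the same reset, since these branches are driven by what arrives on the wire.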
@@ -636,6 +637,7 @@ again:
        bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
        if ( bitmap == NULL)
                {
+               rr->length = 0;
                s->packet_length = 0;  /* dump this record */
                goto again;   /* get another record */
                }
@@ -660,6 +662,7 @@ again:
                {
                dtls1_record_bitmap_update(s, bitmap);
                dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+               rr->length = 0;
                s->packet_length = 0;
                goto again;
                }
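Review bot: The result of `dtls1_buffer_record()` on the context line above the added reset is discarded, so if that call can fail (for example on allocation) the record meant for the `unprocessed_rcds` queue is lost silently and the state is cleared as if it had been queued. If it reports failure through its return value, check it before the reset, e.g. `if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0) return -1;`, adapted to the error convention of the enclosing function, whose signature is outside the hunk. The new `rr->length = 0;` should also stay after the buffering call, presumably because that call saves the current record state; a short comment saying so would protect the ordering.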