Fix crash in dtls1_get_record whilst in the listen state where you get two
authorDr. Stephen Henson <steve@openssl.org>
Sat, 3 Jan 2015 00:45:13 +0000 (00:45 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 8 Jan 2015 11:28:17 +0000 (11:28 +0000)
separate reads performed - one for the header and one for the body of the
handshake record.

CVE-2014-3571

Reviewed-by: Matt Caswell <matt@openssl.org>
Conflicts:
ssl/s3_pkt.c

ssl/d1_pkt.c
ssl/s3_pkt.c

index d12604e6573eb60f8d0938a186403d5d05479a7b..5eac25fbddadf1dd22aaab0f5dddeaef12057605 100644 (file)
@@ -595,8 +595,6 @@ again:
                /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
                i=rr->length;
                n=ssl3_read_n(s,i,i,1);
-               if (n <= 0) return(n); /* error or non-blocking io */
-
                /* this packet contained a partial record, dump it */
                if ( n != i)
                        {
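Review bot: With the `if (n <= 0) return(n);` guard dropped, any non-positive return from `ssl3_read_n(s,i,i,1)` on the line above now falls into the `n != i` branch (whose body lies outside the hunk) and is handled as a truncated record, so a genuine transport error would no longer be reported to the caller. That looks intended — the companion s3_pkt.c change makes ssl3_read_n() return 0 for DTLS when nothing is buffered and `extend` is set, so this path presumably never touches the BIO — but nothing in the code says so, and the removed comment was the only place that named the `n <= 0` case. I would keep a one-line comment where the guard was: `/* For DTLS ssl3_read_n() only serves this from rbuf (0 when it is empty), so n <= 0 is a short record rather than an I/O error and is dropped below */`. dtls1_get_record's body starts before and continues after this hunk.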
index a3b45fba9dc1a16f32200f906a5203f437b2a398..1adc30191138c0948625e63d83b095ba46076583 100644 (file)
@@ -147,6 +147,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
         * at once (as long as it fits into the buffer). */
        if (SSL_version(s) == DTLS1_VERSION)
                {
+               if (s->s3->rbuf.left == 0 && extend)
+                       return 0;
                if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
                        n = s->s3->rbuf.left;
                }
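Review bot: The new early return `if (s->s3->rbuf.left == 0 && extend) return 0;` is uncommented, and 0 is the value the d1_pkt.c side of this commit previously described as "error or non-blocking io", so a reader of the caller cannot tell "nothing buffered for this DTLS record" from "no data yet" without finding this hunk; I would document it in place: `/* DTLS: the rest of a record cannot arrive in a later datagram, so never extend a read beyond what is already buffered - report a short read instead of going to the BIO */`. The guard is keyed on `SSL_version(s) == DTLS1_VERSION` alone; if this branch recognises any other DTLS version value, those connections would still fall through to a second read, which is worth confirming. The remainder of ssl3_read_n() lies outside the hunk.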