Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment...

author Matt Caswell <matt@openssl.org>

Thu, 24 Jul 2014 22:54:28 +0000 (23:54 +0100)

committer Matt Caswell <matt@openssl.org>

Wed, 6 Aug 2014 21:02:00 +0000 (22:02 +0100)
author Matt Caswell <matt@openssl.org>
Thu, 24 Jul 2014 22:54:28 +0000 (23:54 +0100)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 21:02:00 +0000 (22:02 +0100)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c

index 961ac511d2b27d0dae2efc2b57451efd5a1228fd..3a4819f0e9a17d2856a07e7dc389941198af98e1 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -657,7 +657,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
         /* read the body of the fragment (header has already been read */
         i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
                 frag->fragment + msg_hdr->frag_off,frag_len,0);
-       if (i<=0 || (unsigned long)i!=frag_len)
+       if ((unsigned long)i!=frag_len)
+               i=-1;
+       if (i<=0)
                 goto err;
  
         RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
author	Matt Caswell <matt@openssl.org>
	Thu, 24 Jul 2014 22:54:28 +0000 (23:54 +0100)
committer	Matt Caswell <matt@openssl.org>
	Wed, 6 Aug 2014 21:02:00 +0000 (22:02 +0100)