Submitted by: Brad Spencer <spencer@jacknife.org>

author Dr. Stephen Henson <steve@openssl.org>

Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c

index 5c7fcd124e215cfbd5a0b4a87d44c4a46227b41e..0b099325e153da64ecb2408866a67c775026a424 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -837,8 +837,14 @@ start:
                         dest = s->d1->alert_fragment;
                         dest_len = &s->d1->alert_fragment_len;
                         }
-               else    /* else it's a CCS message */
-                       OPENSSL_assert(rr->type == SSL3_RT_CHANGE_CIPHER_SPEC);
+                /* else it's a CCS message, or it's wrong */
+                else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
+                        {
+                          /* Not certain if this is the right error handling */
+                          al=SSL_AD_UNEXPECTED_MESSAGE;
+                          SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+                          goto f_err;
+                        }
  
  
                 if (dest_maxlen > 0)
author	Dr. Stephen Henson <steve@openssl.org>
	Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)