From: Dr. Stephen Henson
Date: Mon, 13 Jul 2009 22:37:45 +0000 (+0000)
Subject: PR: 1984
X-Git-Tag: OpenSSL_0_9_8m-beta1~170
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=34d01a3b20860252c04df0197f95486d4ee8128e;p=oweals%2Fopenssl.git
PR: 1984
Submitted by: Michael Tüxen
Approved by: steve@openssl.org
PR#1984 DTLS fix for 0.9.8.
---
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 26d5c3b1d2..989b5337b5 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -517,7 +517,12 @@ again:
 		/* read timeout is handled by dtls1_read_bytes */
 		if (n <= 0) return(n); /* error or non-blocking */
-		OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);
+		/* this packet contained a partial record, dump it */
+		if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
+			{
+			s->packet_length = 0;
+			goto again;
+			}
 		s->rstate=SSL_ST_READ_BODY;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 60135ff9ac..408ab9214c 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -141,9 +141,10 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 		/* ... now we can act as if 'extend' was set */
 		}
-	/* extend reads should not span multiple packets for DTLS */
-	if ( SSL_version(s) == DTLS1_VERSION &&
-		extend)
+	/* For DTLS/UDP reads should not span multiple packets
+	 * because the read operation returns the whole packet
+	 * at once (as long as it fits into the buffer). */
+	if (SSL_version(s) == DTLS1_VERSION)
 		{
 		if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
 			n = s->s3->rbuf.left;
@@ -209,6 +210,14 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 			return(i);
 			}
 		newb+=i;
+		/* reads should *never* span multiple packets for DTLS because
+		 * the underlying transport protocol is message oriented as opposed
+		 * to byte oriented as in the TLS case. */
+		if (SSL_version(s) == DTLS1_VERSION)
+			{
+			if (n > newb)
+				n = newb; /* makes the while condition false */
+			}
 		}
 	/* done reading, now the book-keeping */
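Review bot: The new partial-record path at `if (s->packet_length != DTLS1_RT_HEADER_LENGTH)` discards the datagram without any diagnostic, so a run of runt datagrams is consumed silently and is invisible to the application; the comment should at least state the intent, e.g. `/* runt datagram (shorter than a record header): drop it rather than abort, a peer must not be able to trigger the assert */`, and an `SSLerr` entry would make the drop observable if the module's error-queue convention allows it. Replacing OPENSSL_assert() here removes a process abort that a single short UDP datagram could trigger, which is the right direction; the record-body read later in dtls1_get_record lies outside this hunk and I cannot tell from here whether it tolerates a short read the same way, so it should be checked. dtls1_get_record begins and ends outside the hunk.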
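Review bot: Dropping `extend` from the condition changes the contract of ssl3_read_n for DTLS: whenever `rbuf.left > 0` the request is clamped to the bytes already buffered, so the function may now return fewer than `n` bytes and never touches the transport in that case, yet the function's header comment (outside the hunk) is not updated and callers that assume `n` bytes on success are not named. Document it on the function, e.g. `/* For DTLS the return value may be less than n: a read never spans datagrams, so the caller must check the returned length. */`; the same contract is implied by the second hunk in this file, which clamps `n` to `newb` after a fresh read. The rationale comment is now stated twice (here and in the second hunk); one comment on the function would serve both. ssl3_read_n starts and ends outside the hunk.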
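Review bot: Shrinking the bound with `n = newb; /* makes the while condition false */` ends the `while (newb < n)` loop indirectly, relying on a loop condition that lies outside the hunk; a `break` after the assignment states the intent directly and stays correct if the loop condition is ever edited: `n = newb; break;`. The clamp also depends on `i > 0` at this point (the `i <= 0` branch returned just above), so `newb` is non-zero and the book-keeping below returns a positive length; a short comment is worth adding since the returned `n` now doubles as the actual byte count rather than the requested one. ssl3_read_n starts and ends outside the hunk.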