From: Matt Caswell Date: Mon, 30 Nov 2015 10:38:54 +0000 (+0000) Subject: Return errors even if the cookie validation has succeeded X-Git-Tag: OpenSSL_1_0_1q~8 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=41d049e1cda0e23ad45fbca94fc90cfe9cfee466;p=oweals%2Fopenssl.git Return errors even if the cookie validation has succeeded In the DTLS ClientHello processing the return value is stored in |ret| which by default is -1. We wish to return 1 on success or 2 on success *and* we have validated the DTLS cookie. Previously on successful validation of the cookie we were setting |ret| to 2. Unfortunately if we later encounter an error then we can end up returning a successful (positive) return code from the function because we already set |ret| to a positive value. This does not appear to have a security consequence because the handshake just fails at a later point. Reviewed-by: Andy Polyakov --- diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 5c5914e034..e2beb40978 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -966,7 +966,7 @@ int ssl3_check_client_hello(SSL *s) int ssl3_get_client_hello(SSL *s) { - int i, j, ok, al, ret = -1; + int i, j, ok, al, ret = -1, cookie_valid = 0;; unsigned int cookie_len; long n; unsigned long id; @@ -1154,8 +1154,7 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } - - ret = 2; + cookie_valid = 1; } p += cookie_len; @@ -1491,8 +1490,7 @@ int ssl3_get_client_hello(SSL *s) } } - if (ret < 0) - ret = 1; + ret = cookie_valid ? 2 : 1; if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1502,7 +1500,7 @@ int ssl3_get_client_hello(SSL *s) if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); - return (ret); + return ret; } int ssl3_send_server_hello(SSL *s)