From: Matt Caswell
Date: Thu, 19 Apr 2018 15:42:39 +0000 (+0100)
Subject: Fix SSL_pending() for DTLS
X-Git-Tag: OpenSSL_1_1_0i~173
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=71d52f1a8ebdf1d26b6b53e4e1f85f2ff1b0d9b8;p=oweals%2Fopenssl.git
Fix SSL_pending() for DTLS
DTLS was not correctly returning the number of pending bytes left in a call to SSL_pending(). This makes the detection of truncated packets almost impossible.
Fixes #5478
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6021)
---
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index b3ff5f1fbf..c753a54a22 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -423,6 +423,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 /* get new packet if necessary */
 if ((SSL3_RECORD_get_length(rr) == 0)
 || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
 ret = dtls1_get_record(s);
 if (ret <= 0) {
 ret = dtls1_read_failed(s, ret);
@@ -432,6 +433,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 else
 goto start;
 }
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
 }

 /*
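Review bot: The added `RECORD_LAYER_set_numrpipes(&s->rlayer, 0);` ahead of `dtls1_get_record(s)` has no comment, and neither does its counterpart `RECORD_LAYER_set_numrpipes(&s->rlayer, 1);` in the next hunk, so nothing tells a reader why the DTLS read path maintains a pipeline count. Going by the commit message, the count is presumably what SSL_pending() consults, but that code is not in this part of the patch. I would put `/* rr is about to be replaced: publish no readable record until the fetch succeeds */` above the first call and `/* DTLS holds exactly one record at a time */` above the second. It is also worth saying in the comment that the count deliberately stays 0 on the `ret <= 0` path. The body of dtls1_read_bytes starts and ends outside the hunk.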
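Review bot: The count is raised to 1 only inside the `get new packet` branch, so any path that fills `rr` without passing through `dtls1_get_record()` at this point would leave it at its previous value. The start of dtls1_read_bytes is outside the hunk, so I cannot tell whether such a path exists (a record restored from a buffer before this check would be one candidate); please confirm. If it does, SSL_pending() could still under-report and an application relying on it to notice a truncated datagram would miss the leftover bytes. No test is visible in this part of the patch; a regression test that reads fewer bytes than the datagram holds and asserts SSL_pending() equals the remainder would pin the behaviour.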