From: Dr. Stephen Henson <steve@openssl.org>
Date: Sat, 4 Jul 2009 11:38:40 +0000 (+0000)
Subject: PR: 1981
X-Git-Tag: OpenSSL-fips-2_0-rc1~1606
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=baacd8d4e5d1f1a2d6e34e725b3975dcef595414;p=oweals%2Fopenssl.git

PR: 1981
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS record header bugfix.
---

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 35e83d8b52..a9404492dd 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -586,26 +586,27 @@ again:
 			{
 			if (version != s->version)
 				{
-				SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-				/* Send back error using their
-				 * version number :-) */
-				s->version=version;
-				al=SSL_AD_PROTOCOL_VERSION;
-				goto f_err;
+				/* unexpected version, silently discard */
+				rr->length = 0;
+				s->packet_length = 0;
+				goto again;
 				}
 			}
 
 		if ((version & 0xff00) != (s->version & 0xff00))
 			{
-			SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-			goto err;
+			/* wrong version, silently discard record */
+			rr->length = 0;
+			s->packet_length = 0;
+			goto again;
 			}
 
 		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
 			{
-			al=SSL_AD_RECORD_OVERFLOW;
-			SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
-			goto f_err;
+			/* record too long, silently discard it */
+			rr->length = 0;
+			s->packet_length = 0;
+			goto again;
 			}
 
 		/* now s->rstate == SSL_ST_READ_BODY */