From 840facc3ccab481e1a0bc2cb6e7740e362df7422 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 16 Oct 2018 17:08:11 +0100
Subject: [PATCH] Properly handle duplicated messages from the next epoch
Since 1fb9fdc30 we may attempt to buffer a record from the next epoch that has already been buffered. Prior to that this never occurred. We simply ignore a failure to buffer a duplicated record.
Fixes #6902
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/7414)
---
 ssl/record/rec_layer_d1.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 43e1f98953..1f9b31969d 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -185,14 +185,11 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 return -1;
 }
- /* insert should not fail, since duplicates are dropped */
 if (pqueue_insert(queue->q, item) == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
- ERR_R_INTERNAL_ERROR);
+ /* Must be a duplicate so ignore it */
 OPENSSL_free(rdata->rbuf.buf);
 OPENSSL_free(rdata);
 pitem_free(item);
- return -1;
 }
 return 1;
--
2.25.1
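Review bot: The new comment in the `pqueue_insert(queue->q, item) == NULL` branch asserts that the failure "must be a duplicate", but nothing in the hunk establishes that this is the only way the insert can fail, and the branch now falls through to `return 1`, so any other insertion failure would be reported to callers as a successfully buffered record. DTLS records arrive over an unreliable transport where datagrams can be resent, so if a duplicate really is the only failure mode, the contract is worth recording where it is relied on, e.g. `/* pqueue_insert() fails only on a duplicate priority; drop the record, this is not an error */`, and the function's header comment should state that 1 also covers a dropped duplicate. The diffstat shows only this one file changed, so a regression test that buffers the same next-epoch record twice would help keep the fatal internal-error path from returning. `dtls1_buffer_record` begins and ends outside this hunk, so the ownership of `rdata->rbuf.buf` freed here cannot be confirmed from the lines shown.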