From ae3fcdf1e5865b709aed4e66924197bc6191fc5b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 2 Mar 2015 14:34:19 +0000 Subject: [PATCH] Fix DTLS1_BAD_VER regression Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse RT#3703 Reviewed-by: Tim Hudson (cherry picked from commit 5178a16c4375471d25e1f5ef5de46febb62a5529) --- ssl/d1_both.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 2553c3de67..21048003bc 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1108,8 +1108,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs) memcpy(frag->fragment, s->init_buf->data, s->init_num); if (is_ccs) { + /* For DTLS1_BAD_VER the header length is non-standard */ OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); + ((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH) + == (unsigned int)s->init_num); } else { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); -- 2.25.1