From cddd00166c47dc379d0300625a34e6201b51860c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 13 Jul 2009 11:44:04 +0000 Subject: [PATCH] =?utf8?q?PR:=201984=20Submitted=20by:=20Michael=20T=C3=83?= =?utf8?q?=C2=83=C3=82=C2=BCxen=20=20App?= =?utf8?q?roved=20by:=20steve@openssl.org?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Don't concatenate reads in DTLS. --- ssl/d1_pkt.c | 7 ++++++- ssl/s3_pkt.c | 32 ++++++++++++++++++++++++-------- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 882228c7fd..b9909b417b 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -561,7 +561,12 @@ again: /* read timeout is handled by dtls1_read_bytes */ if (n <= 0) return(n); /* error or non-blocking */ - OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH); + /* this packet contained a partial record, dump it */ + if (s->packet_length != DTLS1_RT_HEADER_LENGTH) + { + s->packet_length = 0; + goto again; + } s->rstate=SSL_ST_READ_BODY; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 77cf037eed..928755c82a 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -160,7 +160,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) if (pkt[0] == SSL3_RT_APPLICATION_DATA && (pkt[3]<<8|pkt[4]) >= 128) { - /* Note that even if packet is corrupted + /* Note that even if packet is corrupted * and its length field is insane, we can * only be led to wrong decision about * whether memmove will occur or not. @@ -176,11 +176,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) /* ... now we can act as if 'extend' was set */ } - /* extend reads should not span multiple packets for DTLS */ - if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) - && extend) + /* For DTLS/UDP reads should not span multiple packets + * because the read operation returns the whole packet + * at once (as long as it fits into the buffer). */ + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { - if ( left > 0 && n > left) + if (left > 0 && n > left) n = left; } @@ -207,15 +208,22 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) rb->offset = len + align; } - max = rb->len - rb->offset; - if (n > max) /* does not happen */ + if (n > rb->len - rb->offset) /* does not happen */ { SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); return -1; } if (!s->read_ahead) - max=n; + /* ignore max parameter */ + max = n; + else + { + if (max < n) + max = n; + if (max > rb->len - rb->offset) + max = rb->len - rb->offset; + } while (left < n) { @@ -244,6 +252,14 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) return(i); } left+=i; + /* reads should *never* span multiple packets for DTLS because + * the underlying transport protocol is message oriented as opposed + * to byte oriented as in the TLS case. */ + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + { + if (n > left) + n = left; /* makes the while condition false */ + } } /* done reading, now the book-keeping */ -- 2.25.1