From d493899579429374026bc11c60859d5af9c2a0dc Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 13 Sep 2008 18:24:38 +0000 Subject: [PATCH] DTLS didn't handle alerts correctly. PR: 1632 --- ssl/d1_pkt.c | 10 +++++++++- ssl/dtls1.h | 5 +++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 2e35db83e6..eb3af232c7 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -850,6 +850,14 @@ start: * may be fragmented--don't always expect dest_maxlen bytes */ if ( rr->length < dest_maxlen) { +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE + /* + * for normal alerts rr->length is 2, while + * dest_maxlen is 7 if we were to handle this + * non-existing alert... + */ + FIX ME +#endif s->rstate=SSL_ST_READ_HEADER; rr->length = 0; goto start; @@ -1546,7 +1554,7 @@ int dtls1_dispatch_alert(SSL *s) { int i,j; void (*cb)(const SSL *ssl,int type,int val)=NULL; - unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */ + unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; s->s3->alert_dispatch=0; diff --git a/ssl/dtls1.h b/ssl/dtls1.h index f95c91c784..6548a98f03 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -70,6 +70,7 @@ extern "C" { #define DTLS1_VERSION 0xFEFF #if 0 +/* this alert description is not specified anywhere... */ #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 #endif @@ -85,7 +86,11 @@ extern "C" { #define DTLS1_CCS_HEADER_LENGTH 1 +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE #define DTLS1_AL_HEADER_LENGTH 7 +#else +#define DTLS1_AL_HEADER_LENGTH 2 +#endif typedef struct dtls1_bitmap_st -- 2.25.1