root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Properly handle duplicated messages from the next epoch 

Since 1fb9fdc30 we may attempt to buffer a record from the next epoch
that has already been buffered. Prior to that this never occurred.

We simply ignore a failure to buffer a duplicated record.

Fixes #6902

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7414)
This commit is contained in:
Matt Caswell 2018-10-16 17:08:11 +01:00
parent 21311777ad
commit 840facc3cc
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/record/rec_layer_d1.c
View File

@ -185,14 +185,11 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
return -1; return -1;
} }
/* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL) { if (pqueue_insert(queue->q, item) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD, /* Must be a duplicate so ignore it */
ERR_R_INTERNAL_ERROR);
OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata); OPENSSL_free(rdata);
pitem_free(item); pitem_free(item);
return -1;
} }
return 1; return 1;