[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Sun May 31 23:36:43 UTC 2015
The branch master has been updated
via 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6 (commit)
from 1c8a527cff6cd4e07935e5a86335963e93adf75a (commit)
- Log -----------------------------------------------------------------
commit 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 29 17:05:01 2015 +0100
Check the message type requested is the type received in DTLS
dtls1_get_message has an |mt| variable which is the type of the message that
is being requested. If it is negative then any message type is allowed.
However the value of |mt| is not checked in one of the main code paths, so a
peer can send a message of a completely different type and it will be
processed as if it was the message type that we were expecting. This has
very little practical consequences because the current behaviour will still
fail when the format of the message isn't as expected.
Reviewed-by: Andy Polyakov <appro at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_both.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index bcdba74..569b561 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -478,6 +478,12 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
return i;
}
+ if (mt >= 0 && s->s3->tmp.message_type != mt) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+
p = (unsigned char *)s->init_buf->data;
msg_len = msg_hdr->msg_len;
More information about the openssl-commits
mailing list