[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated
       via  f3e85f43598a1511b72c3813a71e403f19ddf458 (commit)
      from  cc74177e715513e4050ee6e11c9f5fc3e8e65ad4 (commit)


- Log -----------------------------------------------------------------
commit f3e85f43598a1511b72c3813a71e403f19ddf458
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 29 17:05:01 2015 +0100

    Check the message type requested is the type received in DTLS
    
    dtls1_get_message has an |mt| variable which is the type of the message that
    is being requested. If it is negative then any message type is allowed.
    However the value of |mt| is not checked in one of the main code paths, so a
    peer can send a message of a completely different type and it will be
    processed as if it was the message type that we were expecting. This has
    very little practical consequences because the current behaviour will still
    fail when the format of the message isn't as expected.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (cherry picked from commit 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6)

-----------------------------------------------------------------------

Summary of changes:
 ssl/d1_both.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 68218e7..c5b2e99 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -485,6 +485,12 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
         return i;
     }
 
+    if (mt >= 0 && s->s3->tmp.message_type != mt) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
     p = (unsigned char *)s->init_buf->data;
     msg_len = msg_hdr->msg_len;