[openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-103-g4ca0e95

Matt Caswell matt at openssl.org
Tue Dec 16 00:15:59 UTC 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, OpenSSL_1_0_2-stable has been updated
       via  4ca0e95b92811f7dac9fff213350c248619a135c (commit)
       via  f9398b92de8c124c8c8e2a687e705b62758bef6f (commit)
      from  6af16ec5eed85390bcbd004806a842d6153d6a31 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4ca0e95b92811f7dac9fff213350c248619a135c
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Dec 15 20:48:33 2014 +0000

    Remove extraneous white space, and add some braces
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>
    (cherry picked from commit 55e530265a7ea8f264717a4e37338cc04eca2007)

commit f9398b92de8c124c8c8e2a687e705b62758bef6f
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Dec 12 15:32:24 2014 +0000

    DTLS fixes for signed/unsigned issues
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>
    (cherry picked from commit 1904d21123849a65dafde1705e6dd5b7c2f420eb)

-----------------------------------------------------------------------

Summary of changes:
 ssl/d1_both.c |   40 +++++++++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 9 deletions(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 82e814a..a2a39ba 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -259,9 +259,9 @@ static int dtls1_query_mtu(SSL *s)
 int dtls1_do_write(SSL *s, int type)
 	{
 	int ret;
-	int curr_mtu;
+	unsigned int curr_mtu;
 	int retry = 1;
-	unsigned int len, frag_off, mac_size, blocksize;
+	unsigned int len, frag_off, mac_size, blocksize, used_len;
 
 	if(!dtls1_query_mtu(s))
 		return -1;
@@ -289,10 +289,15 @@ int dtls1_do_write(SSL *s, int type)
 		blocksize = 0;
 
 	frag_off = 0;
-	while( s->init_num)
+	/* s->init_num shouldn't ever be < 0...but just in case */
+	while(s->init_num > 0)
 		{
-		curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 
-			DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
+		used_len = BIO_wpending(SSL_get_wbio(s)) +  DTLS1_RT_HEADER_LENGTH
+			+ mac_size + blocksize;
+		if(s->d1->mtu > used_len)
+			curr_mtu = s->d1->mtu - used_len;
+		else
+			curr_mtu = 0;
 
 		if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
 			{
@@ -300,15 +305,27 @@ int dtls1_do_write(SSL *s, int type)
 			ret = BIO_flush(SSL_get_wbio(s));
 			if ( ret <= 0)
 				return ret;
-			curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
-				mac_size - blocksize;
+			used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
+			if(s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH)
+				{
+				curr_mtu = s->d1->mtu - used_len;
+				}
+			else
+				{
+				/* Shouldn't happen */
+				return -1;
+				}
 			}
 
-		if ( s->init_num > curr_mtu)
+		/* We just checked that s->init_num > 0 so this cast should be safe */
+		if (((unsigned int)s->init_num) > curr_mtu)
 			len = curr_mtu;
 		else
 			len = s->init_num;
 
+		/* Shouldn't ever happen */
+		if(len > INT_MAX)
+			len = INT_MAX;
 
 		/* XDTLS: this function is too long.  split out the CCS part */
 		if ( type == SSL3_RT_HANDSHAKE)
@@ -319,12 +336,17 @@ int dtls1_do_write(SSL *s, int type)
 				s->init_off -= DTLS1_HM_HEADER_LENGTH;
 				s->init_num += DTLS1_HM_HEADER_LENGTH;
 
-				if ( s->init_num > curr_mtu)
+				/* We just checked that s->init_num > 0 so this cast should be safe */
+				if (((unsigned int)s->init_num) > curr_mtu)
 					len = curr_mtu;
 				else
 					len = s->init_num;
 				}
 
+			/* Shouldn't ever happen */
+			if(len > INT_MAX)
+				len = INT_MAX;
+
 			if ( len < DTLS1_HM_HEADER_LENGTH )
 				{
 				/*


hooks/post-receive
-- 
OpenSSL source code


More information about the openssl-commits mailing list