[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Jul 30 09:23:44 UTC 2015
The branch master has been updated
via 5e8b24dbfb98ed7c5b355cb6a959906a418e264b (commit)
from fa4629b6a2518d202fd051f228c3d8770682b3be (commit)
- Log -----------------------------------------------------------------
commit 5e8b24dbfb98ed7c5b355cb6a959906a418e264b
Author: Matt Caswell <matt at openssl.org>
Date: Wed Jul 29 23:20:56 2015 +0100
Fix write failure handling in DTLS1.2
The DTLS code is supposed to drop packets if we try to write them out but
the underlying BIO write buffers are full. ssl3_write_pending() contains
an incorrect test for DTLS that controls this. The test only checks for
DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which
can later cause an assert to be hit. This commit changes the test to cover
all DTLS versions.
RT#3967
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_s3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 79d3c21..d6e922c 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -929,7 +929,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
s->rwstate = SSL_NOTHING;
return (s->rlayer.wpend_ret);
} else if (i <= 0) {
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
/*
* For DTLS, just drop it. That's kind of the whole point in
* using a datagram service
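
Review bot: the switch to `SSL_IS_DTLS(s)` in the `i <= 0` branch of ssl3_write_pending() comes without a regression test; the diffstat lists only ssl/record/rec_layer_s3.c. The commit message says the old check left the internal buffer uncleared on DTLS1.2 and that this can later hit an assert, so a test that forces a write failure on a DTLS1.2 connection (write BIO full) and then writes again would pin the behaviour down. It is also worth checking the tree for other explicit comparisons of `s->version` against `DTLS1_VERSION` / `DTLS1_BAD_VER`, since any of them would miss DTLS1.2 in the same way as the line removed here.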