[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Thu Jul 30 09:24:08 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f (commit)
      from  374fd385c2347b965c3490aa1c10025e1339d265 (commit)


- Log -----------------------------------------------------------------
commit 9e43fe9a2bd38f06385b5b721f7c4b3ff0e4163f
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Jul 29 23:20:56 2015 +0100

    Fix write failure handling in DTLS1.2
    
    The DTLS code is supposed to drop packets if we try to write them out but
    the underlying BIO write buffers are full. ssl3_write_pending() contains
    an incorrect test for DTLS that controls this. The test only checks for
    DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which
    can later cause an assert to be hit. This commit changes the test to cover
    all DTLS versions.
    
    RT#3967
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 5e8b24dbfb98ed7c5b355cb6a959906a418e264b)

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_pkt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 603c285..3798902 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1115,7 +1115,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
             s->rwstate = SSL_NOTHING;
             return (s->s3->wpend_ret);
         } else if (i <= 0) {
-            if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+            if (SSL_IS_DTLS(s)) {
                 /*
                  * For DTLS, just drop it. That's kind of the whole point in
                  * using a datagram service
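
Review bot: The corrected condition in the `i <= 0` branch ships without a regression test: the summary lists only ssl/s3_pkt.c, so nothing exercises a failed write on a DTLS1.2 connection, which is the case the commit message says later hits an assert. A test that negotiates DTLS1.2 over a write BIO that refuses the write and then checks that the pending record is dropped would pin this down. The removed line compared `s->version` against `DTLS1_VERSION` and `DTLS1_BAD_VER` explicitly, so it is also worth checking for other explicit version comparisons of that form and switching them to `SSL_IS_DTLS(s)` where the intent is "any DTLS version".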

