[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Sep 29 09:02:50 UTC 2016
The branch master has been updated
via 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 (commit)
from 55386bef807c7edd0f1db036c0ed464b28a61d68 (commit)
- Log -----------------------------------------------------------------
commit 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083
Author: Matt Caswell <matt at openssl.org>
Date: Wed Sep 28 14:12:26 2016 +0100
Fix an Uninit read in DTLS
If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_d1.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 2455c2b..1d16319 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/*
* check whether there's a handshake message (client hello?) waiting
*/
- if ((ret = have_handshake_fragment(s, type, buf, len)))
+ if ((ret = have_handshake_fragment(s, type, buf, len))) {
+ *recvd_type = SSL3_RT_HANDSHAKE;
return ret;
+ }
/*
* Now s->rlayer.d->handshake_fragment_len == 0 if
More information about the openssl-commits
mailing list