diff options
author | Igor Pashev <igor.pashev@nexenta.com> | 2012-10-26 17:19:15 +0400 |
---|---|---|
committer | Igor Pashev <igor.pashev@nexenta.com> | 2012-10-26 17:19:15 +0400 |
commit | a5fa80e2a069e35331af10369d810b4daa63635b (patch) | |
tree | cde72d630e4066581f9818b3a506b6433e343923 /openssl0.9.8/patches/dtls-fragment-alert.patch | |
parent | a66434a8c8bc288d863e0f649e8e465ac4525043 (diff) | |
download | cibs-pkgs-a5fa80e2a069e35331af10369d810b4daa63635b.tar.gz |
openssl 0.9.8 mostly done
Diffstat (limited to 'openssl0.9.8/patches/dtls-fragment-alert.patch')
-rw-r--r-- | openssl0.9.8/patches/dtls-fragment-alert.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/dtls-fragment-alert.patch b/openssl0.9.8/patches/dtls-fragment-alert.patch new file mode 100644 index 0000000..c538340 --- /dev/null +++ b/openssl0.9.8/patches/dtls-fragment-alert.patch @@ -0,0 +1,33 @@ +Index: openssl-0.9.8o/ssl/d1_both.c +=================================================================== +--- openssl-0.9.8o.orig/ssl/d1_both.c 2010-05-03 13:01:59.000000000 +0000 ++++ openssl-0.9.8o/ssl/d1_both.c 2012-01-14 21:46:02.000000000 +0000 +@@ -806,7 +806,13 @@ + *ok = 0; + return i; + } +- OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH); ++ /* Handshake fails if message header is incomplete */ ++ if (i != DTLS1_HM_HEADER_LENGTH) ++ { ++ al=SSL_AD_UNEXPECTED_MESSAGE; ++ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); ++ goto f_err; ++ } + + /* parse the message fragment header */ + dtls1_get_message_header(wire, &msg_hdr); +@@ -876,7 +882,12 @@ + + /* XDTLS: an incorrectly formatted fragment should cause the + * handshake to fail */ +- OPENSSL_assert(i == (int)frag_len); ++ if (i != (int)frag_len) ++ { ++ al=SSL3_AD_ILLEGAL_PARAMETER; ++ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER); ++ goto f_err; ++ } + + *ok = 1; + |