PR: 2022

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS record header length bug.

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index c8a79f47b5221579be2d88d01ce76c21403958c6..4042d13274ccfebed5d0ee168aed356b9e47fd99 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -587,9 +587,14 @@ int ssl_verify_alarm_type(long type)
 int ssl3_setup_buffers(SSL *s)
        {
        unsigned char *p;
-       unsigned int extra;
+       unsigned int extra,headerlen;
        size_t len;
 
+       if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+               headerlen = DTLS1_RT_HEADER_LENGTH;
+       else
+               headerlen = SSL3_RT_HEADER_LENGTH;
+
        if (s->s3->rbuf.buf == NULL)
                {
                if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
@@ -606,7 +611,7 @@ int ssl3_setup_buffers(SSL *s)
        if (s->s3->wbuf.buf == NULL)
                {
                len = SSL3_RT_MAX_PACKET_SIZE;
-               len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
+               len += headerlen + 256; /* extra space for empty fragment */
                if ((p=OPENSSL_malloc(len)) == NULL)
                        goto err;
                s->s3->wbuf.buf = p;