Fix DTLS buffered message DoS attack

[openssl.git] / ssl / statem / statem_dtls.c

diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 46843ce0fccef0524c55ec5d2cb652e90ae86512..de2de097967233b659b988b9788aae22b8703141 100644 (file)
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -442,11 +442,23 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok)
     int al;
 
     *ok = 0;
-    item = pqueue_peek(s->d1->buffered_messages);
-    if (item == NULL)
-        return 0;
 
-    frag = (hm_fragment *)item->data;
+    do {
+        item = pqueue_peek(s->d1->buffered_messages);
+        if (item == NULL)
+            return 0;
+
+        frag = (hm_fragment *)item->data;
+
+        if (frag->msg_header.seq < s->d1->handshake_read_seq) {
+            /* This is a stale message that has been buffered so clear it */
+            pqueue_pop(s->d1->buffered_messages);
+            dtls1_hm_fragment_free(frag);
+            pitem_free(item);
+            item = NULL;
+            frag = NULL;
+        }
+    } while (item == NULL);
 
     /* Don't return if reassembly still in progress */
     if (frag->reassembly != NULL)
@@ -1117,18 +1129,6 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
     return ret;
 }
 
-/* call this function when the buffered messages are no longer needed */
-void dtls1_clear_record_buffer(SSL *s)
-{
-    pitem *item;
-
-    for (item = pqueue_pop(s->d1->sent_messages);
-         item != NULL; item = pqueue_pop(s->d1->sent_messages)) {
-        dtls1_hm_fragment_free((hm_fragment *)item->data);
-        pitem_free(item);
-    }
-}
-
 void dtls1_set_message_header(SSL *s,
                               unsigned char mt, unsigned long len,
                               unsigned long frag_off, unsigned long frag_len)