PR: 2628

author Dr. Stephen Henson <steve@openssl.org>

Thu, 27 Oct 2011 13:06:52 +0000 (13:06 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 27 Oct 2011 13:06:52 +0000 (13:06 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 27 Oct 2011 13:06:52 +0000 (13:06 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 27 Oct 2011 13:06:52 +0000 (13:06 +0000)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c

index 68172a9dda0b2e7d114422f836f7e12b428e3ea4..9f898d69978d38f7d59667f57bd2e46012917300 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -793,7 +793,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
                 *ok = 0;
                 return i;
                 }
-       OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
+       /* Handshake fails if message header is incomplete */
+       if (i != DTLS1_HM_HEADER_LENGTH)
+               {
+               al=SSL_AD_UNEXPECTED_MESSAGE;
+               SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
+               goto f_err;
+               }
  
         /* parse the message fragment header */
         dtls1_get_message_header(wire, &msg_hdr);
@@ -865,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
  
         /* XDTLS:  an incorrectly formatted fragment should cause the 
          * handshake to fail */
-       OPENSSL_assert(i == (int)frag_len);
+       if (i != (int)frag_len)
+               {
+               al=SSL3_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
+               goto f_err;
+               }
  
         *ok = 1;
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 27 Oct 2011 13:06:52 +0000 (13:06 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 27 Oct 2011 13:06:52 +0000 (13:06 +0000)