PR: 1981
authorDr. Stephen Henson <steve@openssl.org>
Sat, 4 Jul 2009 11:38:40 +0000 (11:38 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 4 Jul 2009 11:38:40 +0000 (11:38 +0000)
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS record header bugfix.

ssl/d1_pkt.c

index 35e83d8..a940449 100644 (file)
@@ -586,26 +586,27 @@ again:
                        {
                        if (version != s->version)
                                {
-                               SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                               /* Send back error using their
-                                * version number :-) */
-                               s->version=version;
-                               al=SSL_AD_PROTOCOL_VERSION;
-                               goto f_err;
+                               /* unexpected version, silently discard */
+                               rr->length = 0;
+                               s->packet_length = 0;
+                               goto again;
                                }
                        }
 
                if ((version & 0xff00) != (s->version & 0xff00))
                        {
-                       SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                       goto err;
+                       /* wrong version, silently discard record */
+                       rr->length = 0;
+                       s->packet_length = 0;
+                       goto again;
                        }
 
                if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
                        {
-                       al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
-                       goto f_err;
+                       /* record too long, silently discard it */
+                       rr->length = 0;
+                       s->packet_length = 0;
+                       goto again;
                        }
 
                /* now s->rstate == SSL_ST_READ_BODY */