DTLS didn't handle alerts correctly.

PR: 1632

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 2e35db83e64bc2f2316f2dd6b7691d556c6b6aef..eb3af232c7e719171138696b96d7e5fd6449a5d1 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -850,6 +850,14 @@ start:
              *  may be fragmented--don't always expect dest_maxlen bytes */
                        if ( rr->length < dest_maxlen)
                                {
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+                               /*
+                                * for normal alerts rr->length is 2, while
+                                * dest_maxlen is 7 if we were to handle this
+                                * non-existing alert...
+                                */
+                               FIX ME
+#endif
                                s->rstate=SSL_ST_READ_HEADER;
                                rr->length = 0;
                                goto start;
@@ -1546,7 +1554,7 @@ int dtls1_dispatch_alert(SSL *s)
        {
        int i,j;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-       unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
+       unsigned char buf[DTLS1_AL_HEADER_LENGTH];
        unsigned char *ptr = &buf[0];
 
        s->s3->alert_dispatch=0;

diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index f95c91c7844dc2c6f6c4cdcf49fddbabc870e286..6548a98f035168421f5acd987c9bc26fd323ccb1 100644 (file)
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -70,6 +70,7 @@ extern "C" {
 #define DTLS1_VERSION                  0xFEFF
 
 #if 0
+/* this alert description is not specified anywhere... */
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
 #endif
 
@@ -85,7 +86,11 @@ extern "C" {
 
 #define DTLS1_CCS_HEADER_LENGTH                  1
 
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
 #define DTLS1_AL_HEADER_LENGTH                   7
+#else
+#define DTLS1_AL_HEADER_LENGTH                   2
+#endif
 
 
 typedef struct dtls1_bitmap_st