projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Follow on from CVE-2014-3571. This fixes the code that was the original source
[openssl.git]
/
ssl
/
d1_pkt.c
diff --git
a/ssl/d1_pkt.c
b/ssl/d1_pkt.c
index d7172603130c8c790d986d50f0686bd575733001..73ce488684796bc285f972f884313c5846e41c9e 100644
(file)
--- a/
ssl/d1_pkt.c
+++ b/
ssl/d1_pkt.c
@@
-676,7
+676,8
@@
again:
* would be dropped unnecessarily.
*/
if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
* would be dropped unnecessarily.
*/
if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
+ s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+ s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
!dtls1_record_replay_check(s, bitmap))
{
rr->length = 0;
!dtls1_record_replay_check(s, bitmap))
{
rr->length = 0;