if (!clear)
{
mac_size=EVP_MD_CTX_size(s->read_hash);
+ if (mac_size <= 0)
+ {
+ al=SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_MAC_LENGTH);
+ goto f_err;
+ }
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
{
/* check whether this is a repeat, or aged record */
if ( ! dtls1_record_replay_check(s, bitmap))
{
+ rr->length = 0;
s->packet_length=0; /* dump this record */
goto again; /* get another record */
}