Half of the commit for 0.9.8 as the bitmap handling has changed.
authorLutz Jänicke <jaenicke@openssl.org>
Mon, 13 Oct 2008 06:43:03 +0000 (06:43 +0000)
committerLutz Jänicke <jaenicke@openssl.org>
Mon, 13 Oct 2008 06:43:03 +0000 (06:43 +0000)
(Firstly... ommitted)

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>

ssl/d1_pkt.c

index 0321ee7..9e38cb5 100644 (file)
@@ -635,6 +635,7 @@ again:
        /* check whether this is a repeat, or aged record */
        if ( ! dtls1_record_replay_check(s, bitmap))
                {
+               rr->length = 0;
                s->packet_length=0; /* dump this record */
                goto again;     /* get another record */
                }