PR: 2218
authorDr. Stephen Henson <steve@openssl.org>
Tue, 6 Apr 2010 12:45:04 +0000 (12:45 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 6 Apr 2010 12:45:04 +0000 (12:45 +0000)
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.

ssl/d1_pkt.c

index 54235f2..20d24b6 100644 (file)
@@ -667,14 +667,14 @@ again:
        if (rr->length == 0) goto again;
 
        /* If this record is from the next epoch (either HM or ALERT),
-        * buffer it since it cannot be processed at this time. Records
-        * from the next epoch are marked as received even though they
-        * are not processed, so as to prevent any potential resource
-        * DoS attack */
+        * and a handshake is currently in progress, buffer it since it
+        * cannot be processed at this time. */
        if (is_next_epoch)
                {
-               dtls1_record_bitmap_update(s, bitmap);
-               dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+               if (SSL_in_init(s) || s->in_handshake)
+                       {
+                       dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+                       }
                rr->length = 0;
                s->packet_length = 0;
                goto again;