diff options
author | Matt Caswell <matt@openssl.org> | 2015-11-30 10:38:54 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-11-30 10:51:43 +0000 |
commit | 41d049e1cda0e23ad45fbca94fc90cfe9cfee466 (patch) | |
tree | 74b9e08164b89d806278b0d7ffc0ae8e258a7170 | |
parent | 98b94544e5dcab065404de1892d2aeb726dd6491 (diff) |
Return errors even if the cookie validation has succeeded
In the DTLS ClientHello processing the return value is stored in |ret| which
by default is -1. We wish to return 1 on success or 2 on success *and* we
have validated the DTLS cookie. Previously on successful validation of the
cookie we were setting |ret| to 2. Unfortunately if we later encounter an
error then we can end up returning a successful (positive) return code from
the function because we already set |ret| to a positive value.
This does not appear to have a security consequence because the handshake
just fails at a later point.
Reviewed-by: Andy Polyakov <appro@openssl.org>
-rw-r--r-- | ssl/s3_srvr.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 5c5914e034..e2beb40978 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -966,7 +966,7 @@ int ssl3_check_client_hello(SSL *s) int ssl3_get_client_hello(SSL *s) { - int i, j, ok, al, ret = -1; + int i, j, ok, al, ret = -1, cookie_valid = 0;; unsigned int cookie_len; long n; unsigned long id; @@ -1154,8 +1154,7 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } - - ret = 2; + cookie_valid = 1; } p += cookie_len; @@ -1491,8 +1490,7 @@ int ssl3_get_client_hello(SSL *s) } } - if (ret < 0) - ret = 1; + ret = cookie_valid ? 2 : 1; if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1502,7 +1500,7 @@ int ssl3_get_client_hello(SSL *s) if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); - return (ret); + return ret; } int ssl3_send_server_hello(SSL *s) |