diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-20 15:26:50 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-12-20 23:25:41 +0000 |
commit | 80b6d97585511931d7e5d1cbf24bd19f34d88bda (patch) | |
tree | 7234b7d7e936ac1c1fe1ef64b26ea8ebd95bebb6 /ssl/d1_both.c | |
parent | ff64ab32aef676020abb1097c2ca17cef106b9de (diff) |
Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
Diffstat (limited to 'ssl/d1_both.c')
-rw-r--r-- | ssl/d1_both.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index f7947bd988..f0c5962949 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) static void dtls1_hm_fragment_free(hm_fragment *frag) { + + if (frag->msg_header.is_ccs) + { + EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); + EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); + } if (frag->fragment) OPENSSL_free(frag->fragment); if (frag->reassembly) OPENSSL_free(frag->reassembly); OPENSSL_free(frag); |