authorMatt Caswell <matt@openssl.org>2015-03-02 14:34:19 +0000
committerMatt Caswell <matt@openssl.org>2015-03-09 10:54:06 +0000
commitae3fcdf1e5865b709aed4e66924197bc6191fc5b (patch)
treec8a35f04f5e82961ca173032ca2084606f6d6db0 /ssl/d1_both.c
parentd6ca1cee8b6efac5906ac66443d1ca67fe689ff8 (diff)
Fix DTLS1_BAD_VER regression
Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3703 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 5178a16c4375471d25e1f5ef5de46febb62a5529)
Diffstat (limited to 'ssl/d1_both.c')
-rw-r--r--ssl/d1_both.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 2553c3de67..21048003bc 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1108,8 +1108,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
memcpy(frag->fragment, s->init_buf->data, s->init_num);
if (is_ccs) {
+ /* For DTLS1_BAD_VER the header length is non-standard */
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+ ((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)
+ == (unsigned int)s->init_num);
} else {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
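Review bot: The literal `3` on the DTLS1_BAD_VER branch of the CCS assertion is an unexplained magic number; the added comment says the header length is non-standard but not what the length is made of or where it is set. Because OPENSSL_assert terminates the process when its condition fails, this value has to stay in step with whatever code builds the CCS message for DTLS1_BAD_VER, so a mismatch is an availability problem rather than a debug-only warning. I would either give the value a named constant next to DTLS1_CCS_HEADER_LENGTH or widen the comment, e.g. `/* DTLS1_BAD_VER CCS is 3 bytes (presumably type byte + 2-byte sequence number; confirm against the sender) */`. The body of dtls1_buffer_message starts and ends outside this hunk, so the sending side is not visible here.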