diff options
| author | Lutz Jänicke <jaenicke@openssl.org> | 2008-10-13 06:43:06 +0000 |
|---|---|---|
| committer | Lutz Jänicke <jaenicke@openssl.org> | 2008-10-13 06:43:06 +0000 |
| commit | 4db3e88459e8f5e742f414e49eab50e5be53ebca (patch) | |
| tree | 43e720d73defd36f30217c445341736cd021a94a /ssl/d1_pkt.c | |
| parent | ab073bad4fb950f84c02e8660a9c36647d7f476e (diff) | |
Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.
Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'ssl/d1_pkt.c')
| -rw-r--r-- | ssl/d1_pkt.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index b2765ba801..eb56cf987b 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -597,6 +597,7 @@ again: /* check whether this is a repeat, or aged record */ if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) { + rr->length = 0; s->packet_length=0; /* dump this record */ goto again; /* get another record */ } |