authorDr. Stephen Henson <steve@openssl.org>2010-04-06 12:44:44 +0000
committerDr. Stephen Henson <steve@openssl.org>2010-04-06 12:44:44 +0000
commit5e613d5411cf61498d3f03ce5eb3d0a710fbbaf0 (patch)
treee540c308ac447e52577316e6cf8bb5e561a27a9e /ssl/d1_pkt.c
parent56e930eb03c2d266cd8d27f42fc782c08bf95446 (diff)
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS replay bug.
Diffstat (limited to 'ssl/d1_pkt.c')
-rw-r--r--ssl/d1_pkt.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 4ecabc8f42..0326535e8d 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -624,15 +624,16 @@ again:
/* just read a 0 length packet */
if (rr->length == 0) goto again;
- /* If this record is from the next epoch (either HM or ALERT), buffer it
- * since it cannot be processed at this time.
- * Records from the next epoch are marked as received even though they are
- * not processed, so as to prevent any potential resource DoS attack */
- if (is_next_epoch)
- {
- dtls1_record_bitmap_update(s, bitmap);
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
- rr->length = 0;
+ /* If this record is from the next epoch (either HM or ALERT),
+ * and a handshake is currently in progress, buffer it since it
+ * cannot be processed at this time. */
+ if (is_next_epoch)
+ {
+ if (SSL_in_init(s) || s->in_handshake)
+ {
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ }
+ rr->length = 0;
s->packet_length = 0;
goto again;
}
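Review bot: The rewritten comment above the `is_next_epoch` branch no longer states what happens to a next-epoch record when no handshake is in progress (it is dropped, since only `rr->length` and `s->packet_length` are cleared before `goto again`), nor why the `dtls1_record_bitmap_update` call was removed, which appears to be the substance of the replay fix named in the commit message. I would extend the comment with `Records from the next epoch must not be marked in the current epoch's replay bitmap, because DTLS sequence numbers restart with each epoch; outside a handshake such records are simply discarded.` The return value of `dtls1_buffer_record` is still ignored, so if it can report failure (on allocation failure or a full queue, as I believe it does) the record is silently lost; that is presumably acceptable because the peer retransmits handshake flights, but a one-line comment such as `/* best effort: a dropped record is retransmitted by the peer */` would make the intent explicit. The enclosing function, labelled `again:`, starts and ends outside the hunk.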