Don't crash when processing a zero-length, TLS >= 1.1 record.

The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. (cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
author: Ben Laurie <ben@links.org> 2013-01-28 17:33:18 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-06 13:56:13 +0000
commit: e0da2c2ed29a3a66c22e6a8a5072b58399835d71 (patch)
tree: ff98d5b081657a30e40b857a17809083654f2391 /ssl/d1_pkt.c
parent: fb0a59cc58e69203b1269d5f1c355f4944a8b350 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 5e2c56c983..4763d5cd1f 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -414,6 +414,7 @@ dtls1_process_record(SSL *s)
 
 	/* decrypt in place in 'rr->input' */
 	rr->data=rr->input;
+	rr->orig_len=rr->length;
 
 	enc_err = s->method->ssl3_enc->enc(s,0);
 	if (enc_err <= 0)
author	Ben Laurie <ben@links.org>	2013-01-28 17:33:18 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-06 13:56:13 +0000
commit	e0da2c2ed29a3a66c22e6a8a5072b58399835d71 (patch)
tree	ff98d5b081657a30e40b857a17809083654f2391 /ssl/d1_pkt.c
parent	fb0a59cc58e69203b1269d5f1c355f4944a8b350 (diff)