Add more error state transitions (DTLS)

Ensure all fatal errors transition into the new error state for DTLS. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2) Conflicts: ssl/d1_srvr.c Conflicts: ssl/d1_srvr.c
author: Matt Caswell <matt@openssl.org> 2015-04-30 11:50:08 +0100
committer: Matt Caswell <matt@openssl.org> 2015-05-05 20:09:14 +0100
commit: 76d0c6d48e5a42dedb24691a67d733f6859aee4d (patch)
tree: 618dd0adebb92cdc425f97994f31924f4b920d26 /ssl/d1_srvr.c
parent: a329ae226826c3e1fe61156c20096da374844146 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index d12ad6d9b2..d63e229be2 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -224,11 +224,13 @@ int dtls1_accept(SSL *s)
             if (s->init_buf == NULL) {
                 if ((buf = BUF_MEM_new()) == NULL) {
                     ret = -1;
+                    s->state = SSL_ST_ERR;
                     goto end;
                 }
                 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
                     BUF_MEM_free(buf);
                     ret = -1;
+                    s->state = SSL_ST_ERR;
                     goto end;
                 }
                 s->init_buf = buf;
@@ -236,6 +238,7 @@ int dtls1_accept(SSL *s)
 
             if (!ssl3_setup_buffers(s)) {
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
 
@@ -257,6 +260,7 @@ int dtls1_accept(SSL *s)
 #endif
                     if (!ssl_init_wbio_buffer(s, 1)) {
                         ret = -1;
+                        s->state = SSL_ST_ERR;
                         goto end;
                     }
 
@@ -744,6 +748,7 @@ int dtls1_accept(SSL *s)
             s->session->cipher = s->s3->tmp.new_cipher;
             if (!s->method->ssl3_enc->setup_key_block(s)) {
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
 
@@ -772,6 +777,7 @@ int dtls1_accept(SSL *s)
                                                           SSL3_CHANGE_CIPHER_SERVER_WRITE))
             {
                 ret = -1;
+                s->state = SSL_ST_ERR;
                 goto end;
             }
 
@@ -852,6 +858,7 @@ int dtls1_accept(SSL *s)
             goto end;
             /* break; */
 
+        case SSL_ST_ERR:
         default:
             SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
             ret = -1;
@@ -932,6 +939,7 @@ int dtls1_send_hello_verify_request(SSL *s)
                                       &(s->d1->cookie_len)) == 0) {
             SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
                    ERR_R_INTERNAL_ERROR);
+            s->state = SSL_ST_ERR;
             return 0;
         }
author	Matt Caswell <matt@openssl.org>	2015-04-30 11:50:08 +0100
committer	Matt Caswell <matt@openssl.org>	2015-05-05 20:09:14 +0100
commit	76d0c6d48e5a42dedb24691a67d733f6859aee4d (patch)
tree	618dd0adebb92cdc425f97994f31924f4b920d26 /ssl/d1_srvr.c
parent	a329ae226826c3e1fe61156c20096da374844146 (diff)