author | Matt Caswell <matt@openssl.org> | 2015-04-30 11:50:08 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-05-05 19:45:59 +0100 |
commit | cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2 (patch) | |
tree | ef440136b62c7458a0f5ed63cf0536302e37f641 /ssl/d1_srvr.c | |
parent | cc273a93617a5c1e69cb5db6f655e463f8e31806 (diff) |
Add more error state transitions (DTLS)
Ensure all fatal errors transition into the new error state for DTLS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/d1_srvr.c')
-rw-r--r-- | ssl/d1_srvr.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 663f118103..cc4874f239 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -238,11 +238,13 @@ int dtls1_accept(SSL *s)
 if (s->init_buf == NULL) {
 if ((buf = BUF_MEM_new()) == NULL) {
 ret = -1;
+ s->state = SSL_ST_ERR;
 goto end;
 }
 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
 BUF_MEM_free(buf);
 ret = -1;
+ s->state = SSL_ST_ERR;
 goto end;
 }
 s->init_buf = buf;
@@ -250,6 +252,7 @@ int dtls1_accept(SSL *s)
 if (!ssl3_setup_buffers(s)) {
 ret = -1;
+ s->state = SSL_ST_ERR;
 goto end;
 }
@@ -271,6 +274,7 @@ int dtls1_accept(SSL *s)
 #endif
 if (!ssl_init_wbio_buffer(s, 1)) {
 ret = -1;
+ s->state = SSL_ST_ERR;
 goto end;
 }
@@ -643,6 +647,7 @@ int dtls1_accept(SSL *s)
 break;
 if (!s->s3->handshake_buffer) {
 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
 return -1;
 }
 /*
@@ -651,8 +656,10 @@ int dtls1_accept(SSL *s)
 */
 if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) {
 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s))
+ if (!ssl3_digest_cached_records(s)) {
+ s->state = SSL_ST_ERR;
 return -1;
+ }
 }
 } else {
 s->state = SSL3_ST_SR_CERT_VRFY_A;
@@ -755,6 +762,7 @@ int dtls1_accept(SSL *s)
 s->session->cipher = s->s3->tmp.new_cipher;
 if (!s->method->ssl3_enc->setup_key_block(s)) {
 ret = -1;
+ s->state = SSL_ST_ERR;
 goto end;
 }
@@ -783,6 +791,7 @@ int dtls1_accept(SSL *s)
 SSL3_CHANGE_CIPHER_SERVER_WRITE))
 {
 ret = -1;
+ s->state = SSL_ST_ERR;
 goto end;
 }
@@ -858,6 +867,7 @@ int dtls1_accept(SSL *s)
 goto end;
 /* break; */
+ case SSL_ST_ERR:
 default:
 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
 ret = -1;
@@ -916,6 +926,7 @@ int dtls1_send_hello_verify_request(SSL *s)
 &(s->d1->cookie_len)) == 0) {
 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR);
+ s->state = SSL_ST_ERR;
 return 0;
 } |
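Review bot: The assignment `s->state = SSL_ST_ERR;` is added by hand next to each `ret = -1; ... goto end;` in the first hunk (the `BUF_MEM_new` and `BUF_MEM_grow` failures) and again in the hunks at 250, 271, 755 and 783, so the "every fatal error poisons the state" invariant depends on nobody forgetting one line on a future error path. A single error label would enforce it structurally, for example `err: s->state = SSL_ST_ERR; ret = -1;` placed so that it falls through into `end:`, with these sites reduced to `goto err;`. The `end:` label of dtls1_accept is outside these hunks, so the exact placement has to be checked against the full function.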
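Review bot: The two branches changed in the hunks at 643 and 651 (missing `s->s3->handshake_buffer`, and `ssl3_digest_cached_records` failing) still leave with a bare `return -1;`, whereas every other fatal path touched by this commit uses `ret = -1; goto end;`. Whatever `end:` does is therefore skipped on exactly these two paths; the label is outside the hunk, but if it rebalances handshake bookkeeping or fires the exit callback, the connection is left in `SSL_ST_ERR` with that cleanup undone. Unless the direct return is deliberate, both should read `ret = -1; s->state = SSL_ST_ERR; goto end;`. The second branch also queues no error of its own at this site, so it relies on the callee having done so.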
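Review bot: In the hunk at 858, `case SSL_ST_ERR:` falls through to `default:` and so queues `SSL_R_UNKNOWN_STATE`, which is what a caller sees when it re-enters dtls1_accept after a fatal error; that wording hides that the handshake was deliberately refused and makes the original failure harder to find in logs. At minimum the label deserves a comment such as `/* a fatal error was already recorded; never resume this handshake */`. If the project has, or can add, a dedicated reason code for the poisoned state, giving `SSL_ST_ERR` its own `SSLerr` call instead of sharing the default would make triage easier.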
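Review bot: In the hunk at 916, dtls1_send_hello_verify_request now changes `s->state` as a side effect of a failed cookie callback, which is not obvious from a helper that otherwise only reports failure by returning 0. The function's header is outside the hunk; a short comment there, along the lines of `/* On failure returns 0 and moves the connection to SSL_ST_ERR */`, would tell callers not to retry. Not visible here, and worth confirming while the code is open: whether the length the application callback stores in `s->d1->cookie_len` is bounded against the cookie buffer before it is used further down.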