author | Matt Caswell <matt@openssl.org> | 2017-04-21 14:00:20 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-25 11:13:39 +0100 |
commit | aefb925647175a310df73416c9c7253424a65106 (patch) | |
tree | 97d2879bf217a87b49a0e9c32a50e120f0e1fb72 /ssl/statem/statem_dtls.c | |
parent | bd79bcb42bab120575fc398692b7b61b1c5e6ed2 (diff) |
Don't attempt to send fragments > max_send_fragment in DTLS
We were allocating the write buffer based on the size of max_send_fragment,
but ignoring it when writing data. We should fragment handshake messages
if they exceed max_send_fragment and reject application data writes that
are too large.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
Diffstat (limited to 'ssl/statem/statem_dtls.c')
-rw-r--r-- | ssl/statem/statem_dtls.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 34964dbd5d..b2ba35763a 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -214,6 +214,9 @@ int dtls1_do_write(SSL *s, int type) else len = s->init_num; + if (len > s->max_send_fragment) + len = s->max_send_fragment; + /* * XDTLS: this function is too long. split out the CCS part */ |
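Review bot: the new clamp `if (len > s->max_send_fragment)` placed right after `len = s->init_num;` does not say what `len` counts at this point, so a reader cannot tell from the hunk whether the limit applies to the fragment payload alone or to the payload plus any header overhead. Since the commit message says the write buffer is sized from max_send_fragment, a short comment above the check stating which quantity is being bounded, and that the rest of the message goes out in a later fragment, would make the intent verifiable. The declarations of `len` and `max_send_fragment` are not visible here; if their signedness differs, the comparison converts implicitly, so it is worth confirming the types match or adding an explicit cast. The commit message also mentions rejecting oversized application data writes, which this file-limited view does not show, so that part needs to be reviewed in the other files of the change.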