diff options
author | Matt Caswell <matt@openssl.org> | 2016-09-28 14:12:26 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-09-29 09:58:14 +0100 |
commit | 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 (patch) | |
tree | 74030b2ce8d0924918959244763f2e9287a309aa /ssl | |
parent | 55386bef807c7edd0f1db036c0ed464b28a61d68 (diff) |
Fix an Uninit read in DTLS
If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/rec_layer_d1.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 2455c2bd12..1d16319f14 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * check whether there's a handshake message (client hello?) waiting */ - if ((ret = have_handshake_fragment(s, type, buf, len))) + if ((ret = have_handshake_fragment(s, type, buf, len))) { + *recvd_type = SSL3_RT_HANDSHAKE; return ret; + } /* * Now s->rlayer.d->handshake_fragment_len == 0 if |