Fix SSL_pending() for DTLS

DTLS was not correctly returning the number of pending bytes left in a call to SSL_pending(). This makes the detection of truncated packets almost impossible. Fixes #5478 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6020)
author: Matt Caswell <matt@openssl.org> 2018-04-19 16:42:39 +0100
committer: Matt Caswell <matt@openssl.org> 2018-04-20 11:51:57 +0100
commit: 5b79813b23c02e79e3856ac526f0aab3b8c2e811 (patch)
tree: d5ef9d168de136a1d24b3c07707f816cabca7039 /ssl
parent: 033c181ba690ef234812c51d4c6cb7d8dd337cb7 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index ddb3a61832..90029a2535 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -418,6 +418,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
     /* get new packet if necessary */
     if ((SSL3_RECORD_get_length(rr) == 0)
         || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
         iret = dtls1_get_record(s);
         if (iret <= 0) {
             iret = dtls1_read_failed(s, iret);
@@ -430,6 +431,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
             else
                 goto start;
         }
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
     }
 
     /*
author	Matt Caswell <matt@openssl.org>	2018-04-19 16:42:39 +0100
committer	Matt Caswell <matt@openssl.org>	2018-04-20 11:51:57 +0100
commit	5b79813b23c02e79e3856ac526f0aab3b8c2e811 (patch)
tree	d5ef9d168de136a1d24b3c07707f816cabca7039 /ssl
parent	033c181ba690ef234812c51d4c6cb7d8dd337cb7 (diff)