Buffer a ClientHello with a cookie received via DTLSv1_listen (079ef6bd) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL · GitLab

Commit 079ef6bd authored Oct 09, 2018 by

Matt Caswell

Buffer a ClientHello with a cookie received via DTLSv1_listen



Previously when a ClientHello arrives with a valid cookie using
DTLSv1_listen() we only "peeked" at the message and left it on the
underlying fd. This works fine for single threaded applications but for
multi-threaded apps this does not work since the fd is typically reused for
the server thread, while a new fd is created and connected for the client.
By "peeking" we leave the message on the server fd, and consequently we
think we've received another valid ClientHello and so we create yet another
fd for the client, and so on until we run out of fds.

In this new approach we remove the ClientHello and buffer it in the SSL
object.

Fixes #6934

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7375)

parent 2fc4c77c

Hide whitespace changes

Inline Side-by-side

admin_forge @etsi-cti-admin
mentioned in commit d1bfd807
· Jun 19, 2019

mentioned in commit d1bfd807

mentioned in commit d1bfd8076e28b134f7d6a03611e60381b522c1c9

Toggle commit list

Please register or to comment