Commit 2f2d6e3e authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix an Uninit read in DTLS 



If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 55386bef

ssl/record/rec_layer_d1.c

+3 −1
Original line number Diff line number Diff line
@@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, 
    /*

     * check whether there's a handshake message (client hello?) waiting

     */

    if ((ret = have_handshake_fragment(s, type, buf, len)))

    if ((ret = have_handshake_fragment(s, type, buf, len))) {

        *recvd_type = SSL3_RT_HANDSHAKE;

        return ret;

    }



    /*

     * Now s->rlayer.d->handshake_fragment_len == 0 if