WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit 2f2d6e3e authored Sep 28, 2016 by Matt Caswell

Fix an Uninit read in DTLS



If we have a handshake fragment waiting then dtls1_read_bytes() was not
correctly setting the value of recvd_type, leading to an uninit read.

Reviewed-by: Rich Salz <rsalz@openssl.org>

parent 55386bef

ssl/record/rec_layer_d1.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL s, int type, int recvd_type, unsigned char *buf,
		/*
		* check whether there's a handshake message (client hello?) waiting
		*/
		if ((ret = have_handshake_fragment(s, type, buf, len)))
		if ((ret = have_handshake_fragment(s, type, buf, len))) {
		*recvd_type = SSL3_RT_HANDSHAKE;
		return ret;
		}

		/*
		* Now s->rlayer.d->handshake_fragment_len == 0 if

Admin message