Commit 41d049e1 authored by Matt Caswell's avatar Matt Caswell

Return errors even if the cookie validation has succeeded



In the DTLS ClientHello processing the return value is stored in |ret| which
by default is -1. We wish to return 1 on success or 2 on success *and* we
have validated the DTLS cookie. Previously on successful validation of the
cookie we were setting |ret| to 2. Unfortunately if we later encounter an
error then we can end up returning a successful (positive) return code from
the function because we already set |ret| to a positive value.

This does not appear to have a security consequence because the handshake
just fails at a later point.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
parent 98b94544
+4 −6
@@ -966,7 +966,7 @@ int ssl3_check_client_hello(SSL *s)

int ssl3_get_client_hello(SSL *s)
{
    int i, j, ok, al, ret = -1;
    int i, j, ok, al, ret = -1, cookie_valid = 0;;
    unsigned int cookie_len;
    long n;
    unsigned long id;
@@ -1154,8 +1154,7 @@ int ssl3_get_client_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
                goto f_err;
            }

            ret = 2;
            cookie_valid = 1;
        }

        p += cookie_len;
@@ -1491,8 +1490,7 @@ int ssl3_get_client_hello(SSL *s)
        }
    }

    if (ret < 0)
        ret = 1;
    ret = cookie_valid ? 2 : 1;
    if (0) {
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1502,7 +1500,7 @@ int ssl3_get_client_hello(SSL *s)

    if (ciphers != NULL)
        sk_SSL_CIPHER_free(ciphers);
    return (ret);
    return ret;
}

int ssl3_send_server_hello(SSL *s)
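Review bot: The new declaration line in the first hunk ends with a doubled semicolon, `int i, j, ok, al, ret = -1, cookie_valid = 0;;`, which leaves an empty statement in the middle of the declaration list; builds that warn on declarations after statements (or compile with -pedantic) may flag the following `unsigned int cookie_len;`. Drop the stray one: `int i, j, ok, al, ret = -1, cookie_valid = 0;`. The remaining hunks read correctly: ret stays at its -1 default until the end of ssl3_get_client_hello, and `ret = cookie_valid ? 2 : 1;` is reached only on the non-error path, so a `goto f_err` after cookie validation can no longer return a positive code. The body of ssl3_get_client_hello between the hunks is outside this view, so I cannot confirm there is no other write to ret.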