Commit 4f9fab6b authored Feb 05, 2015 by Matt Caswell

Add ticket length before buffering DTLS message

In ssl3_send_new_session_ticket the message to be sent is constructed. We
skip adding the length of the session ticket initially, then call
ssl_set_handshake_header, and finally go back and add in the length of the
ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side
effect of buffering the message for subsequent retransmission if required.
By adding the ticket length after the call to ssl_set_handshake_header the
message that is buffered is incomplete, causing an invalid message to be
sent on retransmission.

Reviewed-by: Richard Levitte <levitte@openssl.org>

parent d5d0a1cb

ssl/s3_srvr.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -3431,11 +3431,11 @@ int ssl3_send_newsession_ticket(SSL *s)
		/* Now write out lengths: p points to end of data written */
		/* Total length */
		len = p - ssl_handshake_start(s);
		if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
		goto err;
		/* Skip ticket lifetime hint */
		p = ssl_handshake_start(s) + 4;
		s2n(len - 6, p);
		if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
		goto err;
		s->state = SSL3_ST_SW_SESSION_TICKET_B;
		OPENSSL_free(senc);
		}