Skip to content
Commit 60be1157 authored by Adam Langley's avatar Adam Langley Committed by Matt Caswell
Browse files

Fix return code for truncated DTLS fragment.



Previously, a truncated DTLS fragment in
|dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
the return value would still be the number of bytes read. This would
cause |dtls1_get_message| not to consider it an error and it would
continue processing as normal until the calling function noticed that
*ok was zero.

I can't see an exploit here because |dtls1_get_message| uses
|s->init_num| as the length, which will always be zero from what I can
see.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
parent 5ee775a4
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment