Skip to content
Commit 98377858 authored by Matt Caswell's avatar Matt Caswell
Browse files

Clear state in DTLSv1_listen

This is a backport of commit e83ee04b

 from
the master branch (and this has also been applied to 1.0.2). In 1.0.2 this
was CVE-2015-0207. For other branches there is no known security issue, but
this is being backported as a precautionary measure.

The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(cherry picked from commit cce3e4ad)
parent aaa654d6
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment