summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsthen <>2014-06-05 20:12:13 +0000
committersthen <>2014-06-05 20:12:13 +0000
commit2c69ba1586afb1f474d34f169579b728e9ace142 (patch)
tree69939f2638ada0fb70f3d917fa71dcda1124d4d0
parentf94fd45381de3d4235a09fae7679b375ae4d37c9 (diff)
downloadopenbsd-2c69ba1586afb1f474d34f169579b728e9ace142.tar.gz
openbsd-2c69ba1586afb1f474d34f169579b728e9ace142.tar.bz2
openbsd-2c69ba1586afb1f474d34f169579b728e9ace142.zip
MFC DTLS "Hello Request" fix (CVE-2014-0221)
"Do not recurse when a 'Hello Request' message is received while getting DTLS fragments. A stream of 'Hello Request' messages will result in infinite recursion, eventually crashing the DTLS client or server. Fixes CVE-2014-0221, from OpenSSL. Reported to OpenSSL by Imre Rad." From d1_both.c r1.20
Diffstat
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index e4b718efa7..94ff9a2d14 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -784,6 +784,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
784 int i,al; 784 int i,al;
785 struct hm_header_st msg_hdr; 785 struct hm_header_st msg_hdr;
786 786
787again:
787 /* see if we have the required fragment already */ 788 /* see if we have the required fragment already */
788 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) 789 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
789 { 790 {
@@ -842,8 +843,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
842 s->msg_callback_arg); 843 s->msg_callback_arg);
843 844
844 s->init_num = 0; 845 s->init_num = 0;
845 return dtls1_get_message_fragment(s, st1, stn, 846 goto again;
846 max, ok);
847 } 847 }
848 else /* Incorrectly formated Hello request */ 848 else /* Incorrectly formated Hello request */
849 { 849 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-14 09:48:33 +0000