MFC.OPENBSD_6_0

Fix a bug caused by the return value being set early to signal successful DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. ok beck@
author: jsing <> 2017-04-30 00:06:09 +0000
committer: jsing <> 2017-04-30 00:06:09 +0000
commit: 70e7e288dc641f2011fd1150479419de2e3e0e4a (patch)
tree: a76f326dd44459a0f495e6733d51491653a4faf3
parent: f319f250a309eb73664f1042f428e97d05d6c19e (diff)
download: openbsd-OPENBSD_6_0.tar.gz
openbsd-OPENBSD_6_0.tar.bz2
openbsd-OPENBSD_6_0.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index e7be71cefb..e4f85bbad2 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.126.2.1 2016/10/03 11:23:13 bcook Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.126.2.2 2017/04/30 00:06:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -721,7 +721,7 @@ ssl3_send_hello_request(SSL *s)
 int
 ssl3_get_client_hello(SSL *s)
 {
-        int i, j, ok, al, ret = -1;
+        int i, j, ok, al, ret = -1, cookie_valid = 0;
        unsigned int cookie_len;
        long n;
        unsigned long id;
@@ -887,7 +887,7 @@ ssl3_get_client_hello(SSL *s)
                                goto f_err;
                        }
-                        ret = 2;
+                        cookie_valid = 1;
                }
                p += cookie_len;
@@ -1070,8 +1070,8 @@ ssl3_get_client_hello(SSL *s)
                goto err;
        }
-        if (ret < 0)
+        ret = cookie_valid ? 2 : 1;
-                ret = 1;
        if (0) {
 truncated:
                al = SSL_AD_DECODE_ERROR;
author	jsing <>	2017-04-30 00:06:09 +0000
committer	jsing <>	2017-04-30 00:06:09 +0000
commit	70e7e288dc641f2011fd1150479419de2e3e0e4a (patch)
tree	a76f326dd44459a0f495e6733d51491653a4faf3
parent	f319f250a309eb73664f1042f428e97d05d6c19e (diff)
download	openbsd-OPENBSD_6_0.tar.gz openbsd-OPENBSD_6_0.tar.bz2 openbsd-OPENBSD_6_0.zip

diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index e7be71cefb..e4f85bbad2 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.126.2.1 2016/10/03 11:23:13 bcook Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.126.2.2 2017/04/30 00:06:09 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -721,7 +721,7 @@ ssl3_send_hello_request(SSL *s)
721	int	721	int
722	ssl3_get_client_hello(SSL *s)	722	ssl3_get_client_hello(SSL *s)
723	{	723	{
724	int i, j, ok, al, ret = -1;	724	int i, j, ok, al, ret = -1, cookie_valid = 0;
725	unsigned int cookie_len;	725	unsigned int cookie_len;
726	long n;	726	long n;
727	unsigned long id;	727	unsigned long id;
@@ -887,7 +887,7 @@ ssl3_get_client_hello(SSL *s)
887	goto f_err;	887	goto f_err;
888	}	888	}
889		889
890	ret = 2;	890	cookie_valid = 1;
891	}	891	}
892		892
893	p += cookie_len;	893	p += cookie_len;
@@ -1070,8 +1070,8 @@ ssl3_get_client_hello(SSL *s)
1070	goto err;	1070	goto err;
1071	}	1071	}
1072		1072
1073	if (ret < 0)	1073	ret = cookie_valid ? 2 : 1;
1074	ret = 1;	1074
1075	if (0) {	1075	if (0) {
1076	truncated:	1076	truncated:
1077	al = SSL_AD_DECODE_ERROR;	1077	al = SSL_AD_DECODE_ERROR;