Add record processing limit to DTLS code.

This is effectively the same record processing limit that was previously added to the legacy TLS stack - without this a single session can be made to spin on a stream of alerts or other similar records. ok beck@ tb@
author: jsing <> 2021-10-25 10:14:48 +0000
committer: jsing <> 2021-10-25 10:14:48 +0000
commit: e3f2ec519b25cefd4a104b2b27e0831a9b500067 (patch)
tree: 72099adc9016a30359e826e49affebd213eae6cd /src/lib/libssl/ssl_pkt.c
parent: ca06f0eb8077fb22dbd7cd11aa65d4c1e3b1c452 (diff)
download: openbsd-e3f2ec519b25cefd4a104b2b27e0831a9b500067.tar.gz
openbsd-e3f2ec519b25cefd4a104b2b27e0831a9b500067.tar.bz2
openbsd-e3f2ec519b25cefd4a104b2b27e0831a9b500067.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 8a5f97e5c7..e3101eefba 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.51 2021/10/25 10:09:28 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.52 2021/10/25 10:14:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -715,7 +715,8 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
 int
 ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 {
-        int al, i, ret, rrcount = 0;
+        int al, i, ret;
+        int rrcount = 0;
        unsigned int n;
        SSL3_RECORD_INTERNAL *rr;
author	jsing <>	2021-10-25 10:14:48 +0000
committer	jsing <>	2021-10-25 10:14:48 +0000
commit	e3f2ec519b25cefd4a104b2b27e0831a9b500067 (patch)
tree	72099adc9016a30359e826e49affebd213eae6cd /src/lib/libssl/ssl_pkt.c
parent	ca06f0eb8077fb22dbd7cd11aa65d4c1e3b1c452 (diff)
download	openbsd-e3f2ec519b25cefd4a104b2b27e0831a9b500067.tar.gz openbsd-e3f2ec519b25cefd4a104b2b27e0831a9b500067.tar.bz2 openbsd-e3f2ec519b25cefd4a104b2b27e0831a9b500067.zip