Fix a bug caused by the return value being set early to signal successful

DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit message "Fix DTLS cookie management bugs". Fix based on OpenSSL. Issue reported by Nicolas Bouliane <nbouliane at jive dot com>. ok beck@
author: jsing <> 2017-04-29 23:38:49 +0000
committer: jsing <> 2017-04-29 23:38:49 +0000
commit: 15ac8a5d2905750a0c5228fc567414ccce869de6 (patch)
tree: cdb53bbcb885a011724e5972224f952b02be87c1 /src/lib
parent: 7b5d4df5b0310fae9805458f5669616c62f1257d (diff)
download: openbsd-15ac8a5d2905750a0c5228fc567414ccce869de6.tar.gz
openbsd-15ac8a5d2905750a0c5228fc567414ccce869de6.tar.bz2
openbsd-15ac8a5d2905750a0c5228fc567414ccce869de6.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 8ea1adf7ba..ea1aed26b3 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.14 2017/04/14 15:32:41 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -720,7 +720,7 @@ ssl3_get_client_hello(SSL *s)
        uint16_t client_version;
        uint8_t comp_method;
        int comp_null;
-        int i, j, ok, al, ret = -1;
+        int i, j, ok, al, ret = -1, cookie_valid = 0;
        long n;
        unsigned long id;
        unsigned char *p, *d;
@@ -887,7 +887,7 @@ ssl3_get_client_hello(SSL *s)
                                SSLerror(s, SSL_R_COOKIE_MISMATCH);
                                goto f_err;
                        }
-                        ret = 2;
+                        cookie_valid = 1;
                }
        }
@@ -1059,8 +1059,8 @@ ssl3_get_client_hello(SSL *s)
                goto err;
        }
-        if (ret < 0)
+        ret = cookie_valid ? 2 : 1;
-                ret = 1;
        if (0) {
 truncated:
                al = SSL_AD_DECODE_ERROR;
author	jsing <>	2017-04-29 23:38:49 +0000
committer	jsing <>	2017-04-29 23:38:49 +0000
commit	15ac8a5d2905750a0c5228fc567414ccce869de6 (patch)
tree	cdb53bbcb885a011724e5972224f952b02be87c1 /src/lib
parent	7b5d4df5b0310fae9805458f5669616c62f1257d (diff)
download	openbsd-15ac8a5d2905750a0c5228fc567414ccce869de6.tar.gz openbsd-15ac8a5d2905750a0c5228fc567414ccce869de6.tar.bz2 openbsd-15ac8a5d2905750a0c5228fc567414ccce869de6.zip

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 8ea1adf7ba..ea1aed26b3 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.14 2017/04/14 15:32:41 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -720,7 +720,7 @@ ssl3_get_client_hello(SSL *s)
720	uint16_t client_version;	720	uint16_t client_version;
721	uint8_t comp_method;	721	uint8_t comp_method;
722	int comp_null;	722	int comp_null;
723	int i, j, ok, al, ret = -1;	723	int i, j, ok, al, ret = -1, cookie_valid = 0;
724	long n;	724	long n;
725	unsigned long id;	725	unsigned long id;
726	unsigned char p, d;	726	unsigned char p, d;
@@ -887,7 +887,7 @@ ssl3_get_client_hello(SSL *s)
887	SSLerror(s, SSL_R_COOKIE_MISMATCH);	887	SSLerror(s, SSL_R_COOKIE_MISMATCH);
888	goto f_err;	888	goto f_err;
889	}	889	}
890	ret = 2;	890	cookie_valid = 1;
891	}	891	}
892	}	892	}
893		893
@@ -1059,8 +1059,8 @@ ssl3_get_client_hello(SSL *s)
1059	goto err;	1059	goto err;
1060	}	1060	}
1061		1061
1062	if (ret < 0)	1062	ret = cookie_valid ? 2 : 1;
1063	ret = 1;	1063
1064	if (0) {	1064	if (0) {
1065	truncated:	1065	truncated:
1066	al = SSL_AD_DECODE_ERROR;	1066	al = SSL_AD_DECODE_ERROR;