From 4541d0e1983fb22c8b7e4b187edd1909fa53e7de Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 29 Apr 2017 23:38:49 +0000 Subject: Fix a bug caused by the return value being set early to signal successful DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit message "Fix DTLS cookie management bugs". Fix based on OpenSSL. Issue reported by Nicolas Bouliane . ok beck@ --- src/lib/libssl/ssl_srvr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 8ea1adf7ba..ea1aed26b3 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.14 2017/04/14 15:32:41 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -720,7 +720,7 @@ ssl3_get_client_hello(SSL *s) uint16_t client_version; uint8_t comp_method; int comp_null; - int i, j, ok, al, ret = -1; + int i, j, ok, al, ret = -1, cookie_valid = 0; long n; unsigned long id; unsigned char *p, *d; @@ -887,7 +887,7 @@ ssl3_get_client_hello(SSL *s) SSLerror(s, SSL_R_COOKIE_MISMATCH); goto f_err; } - ret = 2; + cookie_valid = 1; } } @@ -1059,8 +1059,8 @@ ssl3_get_client_hello(SSL *s) goto err; } - if (ret < 0) - ret = 1; + ret = cookie_valid ? 2 : 1; + if (0) { truncated: al = SSL_AD_DECODE_ERROR; -- cgit v1.2.3-55-g6feb