From 527e43312b5c8483664095a6593080962d0b2424 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 26 Mar 2022 15:00:51 +0000
Subject: Remove the minimum record length checks from dtls1_read_bytes() The code that handles each record type already has appropriate length checks. Furthermore, the handling of application data here is likely incorrect and bypasses the normal state checks at the end of this function. ok inoguchi@ tb@
---
 src/lib/libssl/d1_pkt.c | 33 +--------------------------------
 1 file changed, 1 insertion(+), 32 deletions(-) (limited to 'src')
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 9072315e72..f17608608e 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.121 2022/03/18 18:00:54 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.122 2022/03/26 15:00:51 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -826,37 +826,6 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 * message, then it was unexpected (Hello Request or Client Hello).
 */
 
- {
- unsigned int record_min_len = 0;
-
- if (rr->type == SSL3_RT_HANDSHAKE) {
- record_min_len = DTLS1_HM_HEADER_LENGTH;
- } else if (rr->type == SSL3_RT_ALERT) {
- record_min_len = DTLS1_AL_HEADER_LENGTH;
- } else if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
- record_min_len = DTLS1_CCS_HEADER_LENGTH;
- } else if (rr->type == SSL3_RT_APPLICATION_DATA) {
- /*
- * Application data while renegotiating is allowed.
- * Try reading again.
- */
- s->s3->in_read_app_data = 2;
- ssl_force_want_read(s);
- return -1;
- } else {
- /* Not certain if this is the right error handling */
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto fatal_err;
- }
-
- if (record_min_len > 0 && rr->length < record_min_len) {
- s->internal->rstate = SSL_ST_READ_HEADER;
- rr->length = 0;
- goto start;
- }
- }
-
 if (rr->type == SSL3_RT_ALERT) {
 if ((ret = ssl3_read_alert(s)) <= 0)
 return ret;
-- cgit v1.2.3-55-g6feb