DTLS didn't handle alerts correctly.

PR: 1632

DTLS didn't handle alerts correctly.
PR: 1632
d4938995 · Andy Polyakov · 492279f6 · d4938995 · d4938995
隐藏空白更改
内联并排

Showing with 14 addition and 1 deletion

ssl/d1_pkt.c ssl/d1_pkt.c +9 -1

ssl/dtls1.h ssl/dtls1.h +5 -0

未找到文件。
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -850,6 +850,14 @@ start:
             *  may be fragmented--don't always expect dest_maxlen bytes */
 			if ( rr->length < dest_maxlen)
 				{
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+				/*
+				 * for normal alerts rr->length is 2, while
+				 * dest_maxlen is 7 if we were to handle this
+				 * non-existing alert...
+				 */
+				FIX ME
+#endif
 				s->rstate=SSL_ST_READ_HEADER;
 				rr->length = 0;
 				goto start;
@@ -1546,7 +1554,7 @@ int dtls1_dispatch_alert(SSL *s)
 	{
 	int i,j;
 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
+	unsigned char buf[DTLS1_AL_HEADER_LENGTH];
 	unsigned char *ptr = &buf[0];

 	s->s3->alert_dispatch=0;

--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -70,6 +70,7 @@ extern "C" {
 #define DTLS1_VERSION			0xFEFF

 #if 0
+/* this alert description is not specified anywhere... */
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
 #endif

@@ -85,7 +86,11 @@ extern "C" {

 #define DTLS1_CCS_HEADER_LENGTH                  1

+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
 #define DTLS1_AL_HEADER_LENGTH                   7
+#else
+#define DTLS1_AL_HEADER_LENGTH                   2
+#endif


 typedef struct dtls1_bitmap_st