Reject DTLS application data messages in epoch 0 as out of order.

2020-08-14 16:27:39 -07:00
parent ef5271dd9f
commit 3be7f3ea3a
1 changed files with 4 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -8337,9 +8337,12 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
    }

 #ifdef WOLFSSL_DTLS
-    if (IsDtlsNotSctpMode(ssl) && !DtlsCheckWindow(ssl)) {
+    if (IsDtlsNotSctpMode(ssl)) {
+        if (!DtlsCheckWindow(ssl) ||
+                (ssl->keys.curEpoch == 0 && rh->type == application_data)) {
            WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR);
            return SEQUENCE_ERROR;
+        }
    }
 #endif