feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Reject DTLS application data messages in epoch 0 as out of order.

Browse Source
This commit is contained in:
John Safranek
2020-08-14 16:27:39 -07:00
parent ef5271dd9f
commit 3be7f3ea3a
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/internal.c
View File

@ -8337,9 +8337,12 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (IsDtlsNotSctpMode(ssl) && !DtlsCheckWindow(ssl)) { if (IsDtlsNotSctpMode(ssl)) {
if (!DtlsCheckWindow(ssl) ||
(ssl->keys.curEpoch == 0 && rh->type == application_data)) {
WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR); WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR);
return SEQUENCE_ERROR; return SEQUENCE_ERROR;
}
} }
#endif #endif