feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

silently drop epoch 0 messages when handshake completed

Browse Source
This commit is contained in:
John Safranek
2015-12-01 14:59:32 -08:00
parent d673a56c83
commit 5cf94166b2
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/internal.c
View File

@@ -3376,8 +3376,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls && !DtlsCheckWindow(&ssl->keys.dtls_state)) if (ssl->options.dtls &&
return SEQUENCE_ERROR; (!DtlsCheckWindow(&ssl->keys.dtls_state) ||
(ssl->options.handShakeDone && ssl->keys.dtls_state.curEpoch == 0))) {
return SEQUENCE_ERROR;
}
#endif #endif
/* catch version mismatch */ /* catch version mismatch */
@@ -7140,6 +7143,7 @@ int ProcessReply(WOLFSSL* ssl)
&ssl->curRL, &ssl->curSize); &ssl->curRL, &ssl->curSize);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls && ret == SEQUENCE_ERROR) { if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
WOLFSSL_MSG("Silently dropping out of order DTLS message");
ssl->options.processReply = doProcessInit; ssl->options.processReply = doProcessInit;
ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.length = 0;
ssl->buffers.inputBuffer.idx = 0; ssl->buffers.inputBuffer.idx = 0;