wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

internal: drops bad DTLS records on established connection

Browse Source
This commit is contained in:
Marco Oliverio
2022-08-30 09:08:44 +02:00
parent 655ac3e822
commit 05b6cb5279
1 changed files with 19 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/internal.c
View File

@ -18855,7 +18855,24 @@ static int HandleDTLSDecryptFailed(WOLFSSL* ssl)
WOLFSSL_MSG("DTLS: Ignoring failed decryption");
return ret;
}
#endif
static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
{
if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0)) {
WOLFSSL_MSG("Silently dropping plaintext DTLS message "
"on established connection.");
return 1;
}
if ((ssl->options.handShakeDone && retcode != 0)
|| retcode == SEQUENCE_ERROR || retcode == DTLS_CID_ERROR) {
WOLFSSL_MSG_EX("Silently dropping DTLS message: %d", retcode);
return 1;
}
return 0;
}
#endif /* WOLFSSL_DTLS */
int ProcessReply(WOLFSSL* ssl)
{
@ -19051,16 +19068,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
&ssl->curRL, &ssl->curSize);
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
if ((ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0))
|| ret == SEQUENCE_ERROR || ret == DTLS_CID_ERROR) {
if (ssl->options.handShakeDone && !IsEncryptionOn(ssl, 0)) {
WOLFSSL_MSG("Silently dropping plaintext DTLS message "
"on established connection.");
}
else {
WOLFSSL_MSG("Silently dropping DTLS message");
}
if (ssl->options.dtls && DtlsShouldDrop(ssl, ret)) {
ssl->options.processReply = doProcessInit;
ssl->buffers.inputBuffer.length = 0;
ssl->buffers.inputBuffer.idx = 0;
@ -19077,7 +19085,6 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
continue;
}
}
#endif
if (ret != 0)
return ret;