wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

skip the sanity check on a duplicate change cipher spec message in DTLS mode, they are allowed

Browse Source
This commit is contained in:
John Safranek
2015-08-08 23:52:32 -07:00
parent e16ff73273
commit 106abb873f
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/internal.c
View File

@@ -6686,6 +6686,22 @@ int ProcessReply(WOLFSSL* ssl)
} }
#endif #endif
/* Check for duplicate CCS message in DTLS mode.
* DTLS allows for duplicate messages, and it should be
* skipped. */
if (ssl->options.dtls &&
ssl->msgsReceived.got_change_cipher) {
WOLFSSL_MSG("Duplicate ChangeCipher msg");
if (ssl->curSize != 1) {
WOLFSSL_MSG("Malicious or corrupted"
" duplicate ChangeCipher msg");
return LENGTH_ERROR;
}
ssl->buffers.inputBuffer.idx++;
break;
}
ret = SanityCheckMsgReceived(ssl, change_cipher_hs); ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
if (ret != 0) if (ret != 0)
return ret; return ret;