diff --git a/src/wolfio.c b/src/wolfio.c index 78206fb89..3881fd2bc 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -320,6 +320,53 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) #define SENDTO_FUNCTION sendto #define RECVFROM_FUNCTION recvfrom +static int sockAddrEqual( + SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen) +{ + if (aLen != bLen) + return 0; + + if (a->ss_family != b->ss_family) + return 0; + + if (a->ss_family == AF_INET) { + + if (aLen < sizeof(SOCKADDR_IN)) + return 0; + + if (((SOCKADDR_IN*)a)->sin_port != ((SOCKADDR_IN*)b)->sin_port) + return 0; + + if (((SOCKADDR_IN*)a)->sin_addr.s_addr != + ((SOCKADDR_IN*)b)->sin_addr.s_addr) + return 0; + + return 1; + } + +#ifdef WOLFSSL_IPV6 + if (a->ss_family == AF_INET6) { + SOCKADDR_IN6 *a6, *b6; + + if (aLen < sizeof(SOCKADDR_IN6)) + return 0; + + a6 = (SOCKADDR_IN6*)a; + b6 = (SOCKADDR_IN6*)b; + + if (((SOCKADDR_IN6*)a)->sin6_port != ((SOCKADDR_IN6*)b)->sin6_port) + return 0; + + if (XMEMCMP((void*)&a6->sin6_addr, (void*)&b6->sin6_addr, + sizeof(a6->sin6_addr)) != 0) + return 0; + + return 1; + } +#endif /* WOLFSSL_HAVE_IPV6 */ + + return 0; +} /* The receive embedded callback * return : nb bytes read, or error @@ -381,9 +428,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) return recvd; } else { - if (dtlsCtx->peer.sz > 0 - && peerSz != (XSOCKLENT)dtlsCtx->peer.sz - && XMEMCMP(&peer, dtlsCtx->peer.sa, peerSz) != 0) { + if (dtlsCtx->peer.sz > 0 && + (peerSz != (XSOCKLENT)dtlsCtx->peer.sz || + !sockAddrEqual(&peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa, + dtlsCtx->peer.sz))) { WOLFSSL_MSG(" Ignored packet from invalid peer"); return WOLFSSL_CBIO_ERR_WANT_READ; }