diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-10-27 13:06:52 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-10-27 13:06:52 +0000 |
commit | 930e801214e738d6b2166cf96d84f2a59537304a (patch) | |
tree | b004309c732f3b65749517fd8f543e77bedaccaf /ssl | |
parent | fe0e302dff0ddc0094976f4a13189e890c6667e4 (diff) | |
download | openssl-930e801214e738d6b2166cf96d84f2a59537304a.zip openssl-930e801214e738d6b2166cf96d84f2a59537304a.tar.gz openssl-930e801214e738d6b2166cf96d84f2a59537304a.tar.bz2 |
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_both.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 68172a9..9f898d6 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -793,7 +793,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) *ok = 0; return i; } - OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH); + /* Handshake fails if message header is incomplete */ + if (i != DTLS1_HM_HEADER_LENGTH) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } /* parse the message fragment header */ dtls1_get_message_header(wire, &msg_hdr); @@ -865,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /* XDTLS: an incorrectly formatted fragment should cause the * handshake to fail */ - OPENSSL_assert(i == (int)frag_len); + if (i != (int)frag_len) + { + al=SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER); + goto f_err; + } *ok = 1; |