diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-04-06 12:44:55 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-04-06 12:44:55 +0000 |
commit | 6dfd3cf68e025fdbd917b3f4ade63bcee64e09cd (patch) | |
tree | e1f56758ae0228c2e1d3449e151f223921cb22a5 /ssl/d1_pkt.c | |
parent | 073775cbbbd7628b8bdee682a865c43e7a88e462 (diff) |
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS replay bug.
Diffstat (limited to 'ssl/d1_pkt.c')
-rw-r--r-- | ssl/d1_pkt.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 54235f283a..20d24b6fd8 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -667,14 +667,14 @@ again: if (rr->length == 0) goto again; /* If this record is from the next epoch (either HM or ALERT), - * buffer it since it cannot be processed at this time. Records - * from the next epoch are marked as received even though they - * are not processed, so as to prevent any potential resource - * DoS attack */ + * and a handshake is currently in progress, buffer it since it + * cannot be processed at this time. */ if (is_next_epoch) { - dtls1_record_bitmap_update(s, bitmap); - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + if (SSL_in_init(s) || s->in_handshake) + { + dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + } rr->length = 0; s->packet_length = 0; goto again; |