From baacd8d4e5d1f1a2d6e34e725b3975dcef595414 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sat, 4 Jul 2009 11:38:40 +0000
Subject: [PATCH] PR: 1981 Submitted by: Robin Seggelmann Approved by: steve@openssl.org DTLS record header bugfix.
---
 ssl/d1_pkt.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 35e83d8b52..a9404492dd 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -586,26 +586,27 @@ again:
 { if (version != s->version) {
- SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- /* Send back error using their
- * version number :-) */
- s->version=version;
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ /* unexpected version, silently discard */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
 } } if ((version & 0xff00) != (s->version & 0xff00)) {
- SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- goto err;
+ /* wrong version, silently discard record */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
 } if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
+ /* record too long, silently discard it */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
 } /* now s->rstate == SSL_ST_READ_BODY */
--
2.40.0
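Review bot: The three new discard branches drop a record with a bad version or an over-long length without leaving any trace, so an application can no longer tell that a peer or an off-path sender is feeding it malformed DTLS headers; the removed `SSLerr` calls and alerts were the visible signal. If the project has a place for it, count or debug-log the drop before `goto again;`, and state why the drop is silent in one comment, e.g. `/* datagrams are unauthenticated at this point: a bad header must not tear down the association, so drop it and read the next record */`. The same three statements (`rr->length = 0; s->packet_length = 0; goto again;`) are repeated in all three branches and could share a single label. Whether a stream of bad datagrams can keep this call looping depends on the read at `again:`, which lies outside the hunk, as do the start and end of the enclosing function.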