From d3d9eef31661633f5b003a9e115c1822f79d1870 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 2 Dec 2014 00:16:55 +0000 Subject: [PATCH] If we really get a situation where the underlying mtu is less than the minimum we will support then dtls1_do_write can go into an infinite loop. This commit fixes that. Reviewed-by: Tim Hudson --- ssl/d1_both.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 808d4d14eb..c5957bd612 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -260,6 +260,7 @@ int dtls1_do_write(SSL *s, int type) { int ret; int curr_mtu; + int retry = 1; unsigned int len, frag_off, mac_size, blocksize; if(!dtls1_query_mtu(s)) @@ -370,13 +371,15 @@ int dtls1_do_write(SSL *s, int type) * is fine and wait for an alert to handle the * retransmit */ - if ( BIO_ctrl(SSL_get_wbio(s), + if ( retry && BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) { if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { if(!dtls1_query_mtu(s)) return -1; + /* Have one more go */ + retry = 0; } else return -1; -- 2.40.0