From e8cce0babef182f70944a74025a8ec4f9a7b2167 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 4 Sep 2009 16:42:17 +0000
Subject: [PATCH] PR: 2022 Submitted by: Robin Seggelmann
 <seggelmann@fh-muenster.de> Approved by: steve@openssl.org

Fix DTLS record header length bug.
---
 ssl/s3_both.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index c8a79f47b5..4042d13274 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -587,9 +587,14 @@ int ssl_verify_alarm_type(long type)
 int ssl3_setup_buffers(SSL *s)
 	{
 	unsigned char *p;
-	unsigned int extra;
+	unsigned int extra,headerlen;
 	size_t len;
 
+	if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+		headerlen = DTLS1_RT_HEADER_LENGTH;
+	else
+		headerlen = SSL3_RT_HEADER_LENGTH;
+
 	if (s->s3->rbuf.buf == NULL)
 		{
 		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
@@ -606,7 +611,7 @@ int ssl3_setup_buffers(SSL *s)
 	if (s->s3->wbuf.buf == NULL)
 		{
 		len = SSL3_RT_MAX_PACKET_SIZE;
-		len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
+		len += headerlen + 256; /* extra space for empty fragment */
 		if ((p=OPENSSL_malloc(len)) == NULL)
 			goto err;
 		s->s3->wbuf.buf = p;
-- 
2.40.0