From: jsing Date: Sat, 29 Apr 2017 23:38:49 +0000 (+0000) Subject: Fix a bug caused by the return value being set early to signal successful X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6f1892dc3e84e016a8722cb62152ff86f788c027;p=openbsd Fix a bug caused by the return value being set early to signal successful DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit message "Fix DTLS cookie management bugs". Fix based on OpenSSL. Issue reported by Nicolas Bouliane . ok beck@ --- diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 8ea1adf7baf..ea1aed26b38 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.14 2017/04/14 15:32:41 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -720,7 +720,7 @@ ssl3_get_client_hello(SSL *s) uint16_t client_version; uint8_t comp_method; int comp_null; - int i, j, ok, al, ret = -1; + int i, j, ok, al, ret = -1, cookie_valid = 0; long n; unsigned long id; unsigned char *p, *d; @@ -887,7 +887,7 @@ ssl3_get_client_hello(SSL *s) SSLerror(s, SSL_R_COOKIE_MISMATCH); goto f_err; } - ret = 2; + cookie_valid = 1; } } @@ -1059,8 +1059,8 @@ ssl3_get_client_hello(SSL *s) goto err; } - if (ret < 0) - ret = 1; + ret = cookie_valid ? 2 : 1; + if (0) { truncated: al = SSL_AD_DECODE_ERROR;