From 3cb65c223764579e3383e488c6ba16661f64e70d Mon Sep 17 00:00:00 2001
From: jsing
Date: Sat, 26 Mar 2022 15:00:51 +0000
Subject: [PATCH] Remove the minimum record length checks from dtls1_read_bytes()

The code that handles each record type already has appropriate length checks. Furthermore, the handling of application data here is likely incorrect and bypasses the normal state checks at the end of this function. ok inoguchi@ tb@
---
 lib/libssl/d1_pkt.c | 33 +--------------------------------
 1 file changed, 1 insertion(+), 32 deletions(-)

diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 9072315e72f..f17608608e5 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.121 2022/03/18 18:00:54 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.122 2022/03/26 15:00:51 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -826,37 +826,6 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 * message, then it was unexpected (Hello Request or Client Hello).
 */

- {
- unsigned int record_min_len = 0;
-
- if (rr->type == SSL3_RT_HANDSHAKE) {
- record_min_len = DTLS1_HM_HEADER_LENGTH;
- } else if (rr->type == SSL3_RT_ALERT) {
- record_min_len = DTLS1_AL_HEADER_LENGTH;
- } else if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
- record_min_len = DTLS1_CCS_HEADER_LENGTH;
- } else if (rr->type == SSL3_RT_APPLICATION_DATA) {
- /*
- * Application data while renegotiating is allowed.
- * Try reading again.
- */
- s->s3->in_read_app_data = 2;
- ssl_force_want_read(s);
- return -1;
- } else {
- /* Not certain if this is the right error handling */
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto fatal_err;
- }
-
- if (record_min_len > 0 && rr->length < record_min_len) {
- s->internal->rstate = SSL_ST_READ_HEADER;
- rr->length = 0;
- goto start;
- }
- }
-
 if (rr->type == SSL3_RT_ALERT) {
 if ((ret = ssl3_read_alert(s)) <= 0)
 return ret;
-- 
2.20.1