From 6f1892dc3e84e016a8722cb62152ff86f788c027 Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 29 Apr 2017 23:38:49 +0000 Subject: [PATCH] Fix a bug caused by the return value being set early to signal successful DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit message "Fix DTLS cookie management bugs". Fix based on OpenSSL. Issue reported by Nicolas Bouliane . ok beck@ --- lib/libssl/ssl_srvr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 8ea1adf7baf..ea1aed26b38 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.14 2017/04/14 15:32:41 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -720,7 +720,7 @@ ssl3_get_client_hello(SSL *s) uint16_t client_version; uint8_t comp_method; int comp_null; - int i, j, ok, al, ret = -1; + int i, j, ok, al, ret = -1, cookie_valid = 0; long n; unsigned long id; unsigned char *p, *d; @@ -887,7 +887,7 @@ ssl3_get_client_hello(SSL *s) SSLerror(s, SSL_R_COOKIE_MISMATCH); goto f_err; } - ret = 2; + cookie_valid = 1; } } @@ -1059,8 +1059,8 @@ ssl3_get_client_hello(SSL *s) goto err; } - if (ret < 0) - ret = 1; + ret = cookie_valid ? 2 : 1; + if (0) { truncated: al = SSL_AD_DECODE_ERROR; -- 2.20.1