From 7b597b5fe8cc0cd2d96106c2977bc78b01209c2e Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 4 Sep 2021 14:15:52 +0000 Subject: [PATCH] Improve DTLS record header parsing. Rather than pulling out the epoch and then six bytes of sequence number, pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch off the start of the sequence number. ok inoguchi@ tb@ --- lib/libssl/d1_pkt.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 22f0167c750..11e6d7f8f86 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.109 2021/08/31 13:34:55 jsing Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.110 2021/09/04 14:15:52 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -393,18 +393,18 @@ dtls1_get_record(SSL *s) if (!CBS_get_u16(&header, &ssl_version)) goto again; - /* sequence number is 64 bits, with top 2 bytes = epoch */ - if (!CBS_get_u16(&header, &epoch) || - !CBS_get_bytes(&header, &seq_no, 6)) + /* Sequence number is 64 bits, with top 2 bytes = epoch. */ + if (!CBS_get_bytes(&header, &seq_no, SSL3_SEQUENCE_SIZE)) goto again; - - if (!CBS_get_u16(&header, &len)) + if (!CBS_get_u16(&seq_no, &epoch)) goto again; - if (!CBS_write_bytes(&seq_no, &rr->seq_num[2], sizeof(rr->seq_num) - 2, NULL)) goto again; + if (!CBS_get_u16(&header, &len)) + goto again; + rr->type = type; rr->epoch = epoch; rr->length = len; -- 2.20.1