From c231ac2b0ff8272702a0dc6c88cf476b18e33162 Mon Sep 17 00:00:00 2001
From: jsing
Date: Tue, 15 Jun 2021 19:09:03 +0000
Subject: [PATCH] Mop up part of dtls1_dispatch_alert(). The original DTLS code had some strange alert handling code (basically one type of alert included extra data) - a few years later this was "fixed", however the rest of the code was left as is. This means that rather than sending the alert data from send_alert (like ssl3_dispatch_alert() does), we have a local buffer on the stack, which we memset, copy the send_alert bytes into, then send from. ok inoguchi@ tb@
---
 lib/libssl/d1_pkt.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 504044d8af1..11735f0d2c7 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.97 2021/06/11 11:13:53 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.98 2021/06/15 19:09:03 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1160,19 +1160,12 @@ dtls1_dispatch_alert(SSL *s)
 {
 int i, j;
 void (*cb)(const SSL *ssl, int type, int val) = NULL;
- unsigned char buf[DTLS1_AL_HEADER_LENGTH];
- unsigned char *ptr = &buf[0];
 S3I(s)->alert_dispatch = 0;
- memset(buf, 0, sizeof(buf));
- *ptr++ = S3I(s)->send_alert[0];
- *ptr++ = S3I(s)->send_alert[1];
-
- i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
+ i = do_dtls1_write(s, SSL3_RT_ALERT, &S3I(s)->send_alert[0], 2);
 if (i <= 0) {
 S3I(s)->alert_dispatch = 1;
- /* fprintf( stderr, "not done with alert\n" ); */
 } else {
 if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
 (void)BIO_flush(s->wbio);
--
2.20.1
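Review bot: The new `do_dtls1_write()` call in the second hunk passes a bare `2` as the length, where the removed code used `sizeof(buf)` sized by `DTLS1_AL_HEADER_LENGTH`, so the number of bytes read out of `send_alert` is no longer tied to any declaration. Assuming `send_alert` is a two-byte array (its declaration is not in this diff), replacing the literal with `sizeof(S3I(s)->send_alert)` would keep the read bounded by the buffer itself if either side ever changes. The alert's on-wire length also stays the same only if `DTLS1_AL_HEADER_LENGTH` is 2, which the diff does not show; that is worth confirming, along with whether the macro still has any user. The body of `dtls1_dispatch_alert()` continues past the end of the hunk.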