The branch master has been updated via 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 (commit) from 55386bef807c7edd0f1db036c0ed464b28a61d68 (commit)
- Log ----------------------------------------------------------------- commit 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 14:12:26 2016 +0100 Fix an Uninit read in DTLS If we have a handshake fragment waiting then dtls1_read_bytes() was not correctly setting the value of recvd_type, leading to an uninit read. Reviewed-by: Rich Salz <rs...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_d1.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 2455c2b..1d16319 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * check whether there's a handshake message (client hello?) waiting */ - if ((ret = have_handshake_fragment(s, type, buf, len))) + if ((ret = have_handshake_fragment(s, type, buf, len))) { + *recvd_type = SSL3_RT_HANDSHAKE; return ret; + } /* * Now s->rlayer.d->handshake_fragment_len == 0 if _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits