The branch OpenSSL_1_0_2-stable has been updated
via 8ed92460b7a4a2a310f1b0dde6e36f9055f5b87b (commit)
from ffcdb0e6efb6fb7033b2cd29e8cca2e2fe355c14 (commit)
- Log -----------------------------------------------------------------
commit 8ed92460b7a4a2a310f1b0dde6e36f9055f5b87b
Author: Matt Caswell <[email protected]>
Date: Tue Mar 21 16:12:37 2017 +0000
Fix BAD CCS alert in DTLS
Set the correct variable, and then actually send the alert!
Found by, and fix suggested by, Raja Ashok.
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3009)
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_pkt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 7a02459..10586fe 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1323,9 +1323,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char
*buf, int len, int peek)
/* XDTLS: check that epoch is consistent */
if ((rr->length != ccs_hdr_len) ||
(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
- i = SSL_AD_ILLEGAL_PARAMETER;
+ al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto err;
+ goto f_err;
}
rr->length = 0;
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
