On May 17, 2009, at 6:46 PM, Stephen Henson via RT wrote: >> [steve - Sat May 16 18:28:06 2009]: >> >> Patch applied to 1.0, HEAD and 0.9.8. Thanks for the report. >> > > Patch reverted on 0.9.8, it breaks compilation. Please supply a > version > for 0.9.8. >
The 0.9.8 version:
--- ssl/d1_both.c 2009-05-18 09:57:08.000000000 +0200
+++ ssl/d1_both.c 2009-05-18 10:08:51.000000000 +0200
@@ -561,7 +561,16 @@
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
goto err;
- if (msg_hdr->seq <= s->d1->handshake_read_seq)
+ /* Try to find item in queue, to prevent duplicate entries */
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ item = pqueue_find(s->d1->buffered_messages, seq64);
+ pq_64bit_free(&seq64);
+
+ /* Discard the message if sequence number was already there, is
+ * too far in the future or the fragment is already in the queue */
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
{
unsigned char devnull [256];
dtls-fragment-memleak-bug.patch
Description: Binary data
