On Sep 2, 2009, at 2:55 PM, Stephen Henson via RT wrote: >> [[email protected] - Wed Aug 26 19:49:38 2009]: >> >> This patch fixes the size of the read and write buffers which are 8 >> bytes too small for DTLS. The function ssl3_setup_buffers() is called >> to allocate the necessary memory for the read and write buffers. This >> is done in two subfunctions, ssl3_setup_read_buffer() and >> ssl3_setup_write_buffer(). Unfortuanately there is no difference >> between TLS and DTLS, although both use different record headers with >> different lengths. >> > > Patch applied to OpenSSL 1.0 and HEAD, patch doesn't apply cleanly > to 0.9.8.
Here is a modified version for 0.9.8:
--- ssl/s3_both.c 6 Aug 2009 16:23:17 -0000 1.43.2.2
+++ ssl/s3_both.c 3 Sep 2009 05:50:32 -0000
@@ -587,9 +587,14 @@
int ssl3_setup_buffers(SSL *s)
{
unsigned char *p;
- unsigned int extra;
+ unsigned int extra,headerlen;
size_t len;
+ if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) ==
DTLS1_BAD_VER)
+ headerlen = DTLS1_RT_HEADER_LENGTH;
+ else
+ headerlen = SSL3_RT_HEADER_LENGTH;
+
if (s->s3->rbuf.buf == NULL)
{
if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
@@ -606,7 +611,7 @@
if (s->s3->wbuf.buf == NULL)
{
len = SSL3_RT_MAX_PACKET_SIZE;
- len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty
fragment */
+ len += headerlen + 256; /* extra space for empty fragment */
if ((p=OPENSSL_malloc(len)) == NULL)
goto err;
s->s3->wbuf.buf = p;
dtls-recordheaderlength-bug-0.9.8.patch
Description: Binary data
