Hi,
You're right, an OPENSSL_assert() is not an appropriate error handling here.
The connection should just be terminated with an alert. I have submitted patch
#2625 to change this. Thanks for the report!
Best regards
Robin
On Oct 13, 2011, at 1:42 AM, zhu qun-ying wrote:
> Hi,
>
> While working on DTLS, in d1_both.c:dtls1_get_message_fragment():787~866
>
> There are calls to OPENSSL_assert (line 787):
> /* read handshake message header */
> i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
>     DTLS1_HM_HEADER_LENGTH, 0);
> if (i <= 0) /* nbio, or an error */
>     {
>     s->rwstate=SSL_READING;
>     *ok = 0;
>     return i;
>     }
> OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
> ...
> and line 866:
> /* XDTLS: an incorrectly formatted fragment should cause the
> * handshake to fail */
> OPENSSL_assert(i == (int)frag_len);
>
> The two calls cause the program to abort when an incorrectly formatted fragment is
> received. Is it really so serious that a program restart is needed?
>
> At the end of the function, there is an error label (line 904)
> f_err:
>     ssl3_send_alert(s,SSL3_AL_FATAL,al);
>     s->init_num = 0;
>
>     *ok=0;
>     return(-1);
>     }
> The above two tests could go to f_err instead of aborting the whole program.
>
>
> From a user's point of view, the abort is not good; it is not such a fatal error
> from my understanding. Please enlighten me if I miss something.
>
> --
> qun-ying
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [email protected]
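Added illustration of the change Robin describes, written for this thread and not taken from OpenSSL or from either poster: a hypothetical DTLS fragment reader that sends every malformed-input condition to f_err and a fatal alert instead of calling OPENSSL_assert(). Assumed: the 12-byte DTLS handshake header layout from RFC 6347, the function names dtls1_get_fragment_checked and n2l3, and locally defined alert constants carrying the standard TLS values.

```c
#include <stddef.h>
#include <stdint.h>

/* DTLS handshake message header (RFC 6347, 4.2.2):
 * msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3) */
#define DTLS1_HM_HEADER_LENGTH 12
#define SSL3_AL_FATAL       2
#define SSL_AD_DECODE_ERROR 50   /* TLS alert description "decode_error" */
struct dtls_hm_header {
    uint8_t  msg_type;
    uint16_t msg_seq;
    uint32_t msg_len, frag_off, frag_len;
};
static uint32_t n2l3(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Hypothetical fragment reader (not OpenSSL code): returns the body length,
 * or -1 with a fatal alert in *alert_level / *alert_desc. Every malformed-input
 * path goes to f_err, as the report proposes, instead of OPENSSL_assert(). */
int dtls1_get_fragment_checked(const uint8_t *wire, size_t wire_len,
                               uint32_t max_msg_len, struct dtls_hm_header *h,
                               int *alert_level, int *alert_desc)
{
    size_t body_len;
    /* Short header read: OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH) in the report. */
    if (wire_len < DTLS1_HM_HEADER_LENGTH)
        goto f_err;
    h->msg_type = wire[0];
    h->msg_len  = n2l3(wire + 1);
    h->msg_seq  = (uint16_t)((wire[4] << 8) | wire[5]);
    h->frag_off = n2l3(wire + 6);
    h->frag_len = n2l3(wire + 9);
    /* The fragment must lie inside the message and the message inside the limit. */
    if (h->msg_len > max_msg_len || h->frag_off > h->msg_len ||
        h->frag_len > h->msg_len - h->frag_off)
        goto f_err;
    /* Body length differs from the header: OPENSSL_assert(i == (int)frag_len). */
    body_len = wire_len - DTLS1_HM_HEADER_LENGTH;
    if (body_len != h->frag_len)
        goto f_err;
    *alert_level = 0;
    *alert_desc = 0;
    return (int)body_len;
f_err:  /* stands in for ssl3_send_alert(s, SSL3_AL_FATAL, al) */
    *alert_level = SSL3_AL_FATAL;
    *alert_desc = SSL_AD_DECODE_ERROR;
    return -1;
}
```

The peer that sent the bad fragment gets a fatal alert and the connection is dropped; the process itself stays up.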