| 1 |
|
| 2 |
http://cvs.openssl.org/chngview?cn=22037 |
| 3 |
|
| 4 |
--- ssl/d1_pkt.c 2012-01-29 10:39:58.000000000 +0000 |
| 5 |
+++ ssl/d1_pkt.c.oden 2012-01-29 10:39:45.000000000 +0000 |
| 6 |
@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s) |
| 7 |
unsigned int mac_size; |
| 8 |
unsigned char md[EVP_MAX_MD_SIZE]; |
| 9 |
int decryption_failed_or_bad_record_mac = 0; |
| 10 |
+ unsigned char *mac = NULL; |
| 11 |
|
| 12 |
|
| 13 |
rr= &(s->s3->rrec); |
| 14 |
@@ -447,19 +448,15 @@ printf("\n"); |
| 15 |
#endif |
| 16 |
} |
| 17 |
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */ |
| 18 |
- if (rr->length < mac_size) |
| 19 |
+ if (rr->length >= mac_size) |
| 20 |
{ |
| 21 |
-#if 0 /* OK only for stream ciphers */ |
| 22 |
- al=SSL_AD_DECODE_ERROR; |
| 23 |
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); |
| 24 |
- goto f_err; |
| 25 |
-#else |
| 26 |
- decryption_failed_or_bad_record_mac = 1; |
| 27 |
-#endif |
| 28 |
+ rr->length -= mac_size; |
| 29 |
+ mac = &rr->data[rr->length]; |
| 30 |
} |
| 31 |
- rr->length-=mac_size; |
| 32 |
+ else |
| 33 |
+ rr->length = 0; |
| 34 |
i=s->method->ssl3_enc->mac(s,md,0); |
| 35 |
- if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) |
| 36 |
+ if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) |
| 37 |
{ |
| 38 |
decryption_failed_or_bad_record_mac = 1; |
| 39 |
} |
Parent Directory
| 
Revision Log