discard unexpected buffered changecipherspec

2 files changed, 15 insertions, 1 deletions

diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 80b5b22039..83a4232670 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -115,7 +115,14 @@ mbuffer_st* bufel;
     return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 
   if (type != bufel->type)
-    return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+    {
+      if (IS_DTLS(session))
+        _gnutls_audit_log(session, "Discarded unexpected %s (%d) packet (expecting: %s (%d))\n",
+                    _gnutls_packet2str(bufel->type), (int)bufel->type,
+                    _gnutls_packet2str(type), (int)type);
+      _mbuffer_head_remove_bytes(&session->internals.record_buffer, msg.size);
+      return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+    }
 
   if (msg.size <= length)
     length = msg.size;
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 4a75b10f99..6e4406a57a 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -499,6 +499,13 @@ check_buffers (gnutls_session_t session, content_type_t type,
       ret = _gnutls_record_buffer_get (type, session, data, data_size, seq);
       if (ret < 0)
         {
+          if (IS_DTLS(session))
+            {
+              if (ret == GNUTLS_E_UNEXPECTED_PACKET)
+                {
+                  ret = GNUTLS_E_AGAIN;
+                }
+            }
           gnutls_assert ();
           return ret;
         }