authorEric Rescorla <?ekr@rtfm.com>2014-06-03 18:31:07 -0700
committerEric Rescorla <?ekr@rtfm.com>2014-06-03 18:31:07 -0700
commitfae3434e291d3bf1904ac6a0c577fcc3d0f7a46a (patch)
tree86b70601c1835f8b3fd41b1786428bae12a1611d
parent75e0c93ad01cadccfa0790bcf8e3df5377a387c3 (diff)
Bug 1009227: discard out of order DTLS change_cipher_spec. r=wtc.
-rw-r--r--lib/ssl/ssl3con.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 9eda6a05d..01164e5e8 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -3497,6 +3497,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
SSL_GETPID(), ss->fd));
if (ws != wait_change_cipher) {
+ if (IS_DTLS(ss)) {
+ /* Ignore this because it's out of order. */
+ SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
+ "DTLS change_cipher_spec",
+ SSL_GETPID(), ss->fd));
+ buf->len = 0;
+ return SECSuccess;
+ }
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
return SECFailure;
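Review bot: The comment on the new DTLS branch, `/* Ignore this because it's out of order. */`, does not say why returning SECSuccess is safe for every state other than wait_change_cipher, which is what the enclosing `if (ws != wait_change_cipher)` lets through. I would expand it to something like `/* DTLS: drop a change_cipher_spec seen in any other state; no cipher state is changed here, and recovery is left to the peer's retransmission. */`, with the retransmission part confirmed against the DTLS timer code, which is not visible in this hunk. The branch also returns before any validation of the record body that may follow later in the function, so a malformed change_cipher_spec would be dropped as quietly as a reordered one, and the only record of either is the level-3 SSL_TRC line; the comment should say so if that is intended. ssl3_HandleChangeCipherSpecs starts and ends outside the hunk.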