diff options
author | Eric Rescorla <?ekr@rtfm.com> | 2014-06-03 18:31:07 -0700 |
---|---|---|
committer | Eric Rescorla <?ekr@rtfm.com> | 2014-06-03 18:31:07 -0700 |
commit | fae3434e291d3bf1904ac6a0c577fcc3d0f7a46a (patch) | |
tree | 86b70601c1835f8b3fd41b1786428bae12a1611d | |
parent | 75e0c93ad01cadccfa0790bcf8e3df5377a387c3 (diff) | |
download | nss-hg-fae3434e291d3bf1904ac6a0c577fcc3d0f7a46a.tar.gz |
Bug 1009227: discard out of order DTLS change_cipher_spec. r=wtc.
-rw-r--r-- | lib/ssl/ssl3con.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 9eda6a05d..01164e5e8 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -3497,6 +3497,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) SSL_GETPID(), ss->fd)); if (ws != wait_change_cipher) { + if (IS_DTLS(ss)) { + /* Ignore this because it's out of order. */ + SSL_TRC(3, ("%d: SSL3[%d]: discard out of order " + "DTLS change_cipher_spec", + SSL_GETPID(), ss->fd)); + buf->len = 0; + return SECSuccess; + } (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER); return SECFailure; |