|
 |
1b2890 |
diff -up openssl-1.0.1e/ssl/d1_both.c.dtls-memleak openssl-1.0.1e/ssl/d1_both.c
|
|
|
1b2890 |
--- openssl-1.0.1e/ssl/d1_both.c.dtls-memleak 2014-08-07 17:51:18.457493922 +0200
|
|
|
1b2890 |
+++ openssl-1.0.1e/ssl/d1_both.c 2014-08-07 17:58:28.478558785 +0200
|
|
|
1b2890 |
@@ -610,6 +610,9 @@ dtls1_reassemble_fragment(SSL *s, struct
|
|
|
1b2890 |
msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
|
|
|
1b2890 |
goto err;
|
|
|
1b2890 |
|
|
|
1b2890 |
+ if (frag_len == 0)
|
|
|
1b2890 |
+ return DTLS1_HM_FRAGMENT_RETRY;
|
|
|
1b2890 |
+
|
|
|
1b2890 |
/* Try to find item in queue */
|
|
|
1b2890 |
memset(seq64be,0,sizeof(seq64be));
|
|
|
1b2890 |
seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
|
|
|
1b2890 |
@@ -686,7 +689,12 @@ dtls1_reassemble_fragment(SSL *s, struct
|
|
|
1b2890 |
i = -1;
|
|
|
1b2890 |
}
|
|
|
1b2890 |
|
|
|
1b2890 |
- pqueue_insert(s->d1->buffered_messages, item);
|
|
|
1b2890 |
+ item = pqueue_insert(s->d1->buffered_messages, item);
|
|
|
1b2890 |
+ /* pqueue_insert fails iff a duplicate item is inserted.
|
|
|
1b2890 |
+ * However, |item| cannot be a duplicate. If it were,
|
|
|
1b2890 |
+ * |pqueue_find|, above, would have returned it and control
|
|
|
1b2890 |
+ * would never have reached this branch. */
|
|
|
1b2890 |
+ OPENSSL_assert(item != NULL);
|
|
|
1b2890 |
}
|
|
|
1b2890 |
|
|
|
1b2890 |
return DTLS1_HM_FRAGMENT_RETRY;
|
|
|
1b2890 |
@@ -744,7 +752,7 @@ dtls1_process_out_of_seq_message(SSL *s,
|
|
|
1b2890 |
}
|
|
|
1b2890 |
else
|
|
|
1b2890 |
{
|
|
|
1b2890 |
- if (frag_len && frag_len < msg_hdr->msg_len)
|
|
|
1b2890 |
+ if (frag_len < msg_hdr->msg_len)
|
|
|
1b2890 |
return dtls1_reassemble_fragment(s, msg_hdr, ok);
|
|
|
1b2890 |
|
|
|
1b2890 |
if (frag_len > dtls1_max_handshake_message_len(s))
|
|
|
1b2890 |
@@ -773,7 +781,15 @@ dtls1_process_out_of_seq_message(SSL *s,
|
|
|
1b2890 |
if ( item == NULL)
|
|
|
1b2890 |
goto err;
|
|
|
1b2890 |
|
|
|
1b2890 |
- pqueue_insert(s->d1->buffered_messages, item);
|
|
|
1b2890 |
+ item = pqueue_insert(s->d1->buffered_messages, item);
|
|
|
1b2890 |
+ /* pqueue_insert fails iff a duplicate item is inserted.
|
|
|
1b2890 |
+ * However, |item| cannot be a duplicate. If it were,
|
|
|
1b2890 |
+ * |pqueue_find|, above, would have returned it. Then, either
|
|
|
1b2890 |
+ * |frag_len| != |msg_hdr->msg_len| in which case |item| is set
|
|
|
1b2890 |
+ * to NULL and it will have been processed with
|
|
|
1b2890 |
+ * |dtls1_reassemble_fragment|, above, or the record will have
|
|
|
1b2890 |
+ * been discarded. */
|
|
|
1b2890 |
+ OPENSSL_assert(item != NULL);
|
|
|
1b2890 |
}
|
|
|
1b2890 |
|
|
|
1b2890 |
return DTLS1_HM_FRAGMENT_RETRY;
|