This is a multi-part message in MIME format...

------------=_1200299479-7975-1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hi,

The alert message currently contains extra bytes in the payload.

Proposed patch below

Thanks,
Alex.


Index: ssl/d1_pkt.c
================================================== =================
RCS file: /data1/Repository/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.9
diff -u -w -B -b -r1.4.2.9 d1_pkt.c
--- ssl/d1_pkt.c 3 Oct 2007 10:18:06 -0000 1.4.2.9
+++ ssl/d1_pkt.c 18 Oct 2007 00:12:44 -0000
@@ -1576,7 +1576,7 @@
{
int i,j;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
- unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message
seq +frag_off */
+ unsigned char buf[DTLS1_AL_HEADER_LENGTH];
unsigned char *ptr = &buf[0];

s->s3->alert_dispatch=0;
@@ -1585,6 +1585,10 @@
*ptr++ = s->s3->send_alert[0];
*ptr++ = s->s3->send_alert[1];

+#if 0
+ /* XXX: this is a possible improvement in the future */
+ /* now check if it's a missing record */
+
if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
{
s2n(s->d1->handshake_read_seq, ptr);
@@ -1600,6 +1604,7 @@
#endif
l2n3(s->d1->r_msg_hdr.frag_off, ptr);
}
+#endif

i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
if (i <= 0)
Index: ssl/dtls1.h
================================================== =================
RCS file: /data1/Repository/openssl/ssl/dtls1.h,v
retrieving revision 1.4.2.3
diff -u -w -B -b -r1.4.2.3 dtls1.h
--- ssl/dtls1.h 1 Oct 2007 06:28:48 -0000 1.4.2.3
+++ ssl/dtls1.h 18 Oct 2007 00:12:12 -0000
@@ -84,7 +84,8 @@

#define DTLS1_CCS_HEADER_LENGTH 1

-#define DTLS1_AL_HEADER_LENGTH 7
+#define DTLS1_AL_HEADER_LENGTH 2
+ /* 7 if we later support DTLS1_AD_MISSING_HANDSHAKE_MESSAGE */


typedef struct dtls1_bitmap_st


------------=_1200299479-7975-1
Content-Type: text/html; charset="ISO-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
RT-Attachment: 1632/18348/7768

Hi,

The alert message currently contains extra bytes in the payload.

Proposed patch below

Thanks,
Alex.


Index: ssl/d1_pkt.c
================================================== =================

RCS file: /data1/Repository/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.9
diff -u -w -B -b -r1.4.2.9 d1_pkt.c
--- ssl/d1_pkt.c        3 Oct 2007 10:18:06 -0000      
1.4.2.9

+++ ssl/d1_pkt.c        18 Oct 2007 00:12:44 -0000
@@ -1576,7 +1576,7 @@
        {
        int i,j;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-       unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */

+       unsigned char buf[DTLS1_AL_HEADER_LENGTH];
        unsigned char *ptr = &buf[0];

        s->s3->alert_dispatch=0;
@@ -1585,6 +1585,10 @@
        *ptr++ = s->s3->send_alert[0];

        *ptr++ = s->s3->send_alert[1];

+#if 0
+            /* XXX: this is a possible improvement in the future */
+                       /* now check if it's a missing record */
+
        if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)

                {
                s2n(s->d1->handshake_read_seq, ptr);
@@ -1600,6 +1604,7 @@
 #endif
                l2n3(s->d1->r_msg_hdr.frag_off, ptr);
                }
+#endif


        i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
        if (i <= 0)
Index: ssl/dtls1.h
================================================== =================
RCS file: /data1/Repository/openssl/ssl/dtls1.h,v

retrieving revision 1.4.2.3
diff -u -w -B -b -r1.4.2.3 dtls1.h
--- ssl/dtls1.h 1 Oct 2007 06:28:48 -0000       1.4.2.3
+++ ssl/dtls1.h 18 Oct 2007 00:12:12 -0000

@@ -84,7 +84,8 @@

 #define DTLS1_CCS_HEADER_LENGTH                  1

-#define DTLS1_AL_HEADER_LENGTH                   7
+#define DTLS1_AL_HEADER_LENGTH                   2
+    /* 7 if we later support DTLS1_AD_MISSING_HANDSHAKE_MESSAGE */



 typedef struct dtls1_bitmap_st



------------=_1200299479-7975-1--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org