Commit 3e1f7738 authored by wtc@chromium.org

Ignore out-of-order DTLS ChangeCipherSpec.

Apply Eric Rescorla's patch from upstream NSS:
https://bugzilla.mozilla.org/show_bug.cgi?id=1009227

R=agl@chromium.org,ekr@rtfm.com
BUG=369855

Review URL: https://codereview.chromium.org/319573002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@275389 0039d316-1c4b-4281-b951-d872f2087c98
parent 976606b8
......@@ -105,6 +105,10 @@ Patches:
intolerant to the final extension having zero length.
patches/reorderextensions.patch
* Ignore out-of-order DTLS ChangeCipherSpec.
patches/ignorechangecipherspec.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=1009227
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
......
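Review bot: The new README entry for patches/ignorechangecipherspec.patch gives the upstream bug URL but does not say when this local patch can be dropped, for example which upstream NSS update is expected to carry the fix. Consider adding that once it is known. Since the README tells readers to apply patches through patches/applypatches.sh and this hunk only touches the list, please also confirm the script was updated to apply the new patch.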
Index: ssl/ssl3con.c
===================================================================
--- ssl/ssl3con.c (revision 274314)
+++ ssl/ssl3con.c (working copy)
@@ -3621,6 +3621,14 @@
SSL_GETPID(), ss->fd));
if (ws != wait_change_cipher) {
+ if (IS_DTLS(ss)) {
+ /* Ignore this because it's out of order. */
+ SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
+ "DTLS change_cipher_spec",
+ SSL_GETPID(), ss->fd));
+ buf->len = 0;
+ return SECSuccess;
+ }
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
return SECFailure;
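Review bot: The new IS_DTLS(ss) branch under "if (ws != wait_change_cipher)" drops every ChangeCipherSpec that arrives in any other wait state, and the comment "Ignore this because it's out of order." does not say which cases are meant. A CCS that was reordered ahead of the messages that should precede it and a late or duplicate CCS are both discarded here, and in the early case the handshake then depends on the peer retransmitting its flight. Suggest expanding the comment to state that, and to note that the non-DTLS path still sends the fatal unexpected_message alert.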
......@@ -3621,6 +3621,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
SSL_GETPID(), ss->fd));
if (ws != wait_change_cipher) {
if (IS_DTLS(ss)) {
/* Ignore this because it's out of order. */
SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
"DTLS change_cipher_spec",
SSL_GETPID(), ss->fd));
buf->len = 0;
return SECSuccess;
}
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
return SECFailure;
......
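Review bot: "buf->len = 0; return SECSuccess;" consumes the record silently and the only signal is the level-3 SSL_TRC line, so an endpoint that receives a stream of unexpected DTLS ChangeCipherSpec records keeps processing them with no error and no count. A short comment on why buf->len is cleared before returning would help. A regression test that delivers a ChangeCipherSpec while ws is not wait_change_cipher, then checks that no alert is sent and the handshake still completes, would pin the new behaviour down.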