With patch #2230 a DTLS reassembly bitmask array should have been changed. 
Unfortunately this change was lost, so there is still a bug. Fragmented 
messages with lengths of multiples of 8 may not be handled correctly, because 
the highest byte of the bitmask will be compared to 0x00 instead of 0xff.

-Robin


--- ssl/d1_both.c       3 May 2010 13:01:50 -0000       1.14.2.21
+++ ssl/d1_both.c       23 Feb 2011 12:56:15 -0000
@@ -153,7 +153,7 @@
 #endif
 
 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 
0xe0, 0xc0, 0x80};
-static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 
0x1f, 0x3f, 0x7f};
+static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 
0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
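Review bot: index 0 of bitmask_end_values carries no explanation, and since the message says this same change was already lost once, a one-line comment above the array would help keep it from being reverted again. It could state that index 0 is used for lengths that are a multiple of 8, where the highest bitmask byte is fully set (0xff). If nothing writes to the two lookup tables, they could also be declared static const. The inline copy of the hunk is line-wrapped (each array initializer is split across two lines), so it should be applied from the attached per-branch patches rather than from the message body.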





Attachment: dtls-rsmbly-bitmask-bug-0.9.8.patch
Description: Binary data

Attachment: dtls-rsmbly-bitmask-bug-1.0.0.patch
Description: Binary data

Attachment: dtls-rsmbly-bitmask-bug-1.0.1.patch
Description: Binary data
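The failure described in the message above, as an added example that is not part of the original mail and is not OpenSSL's code: a simplified model of a reassembly bitmask whose highest byte is compared against `bitmask_end_values[msg_len & 7]`. The helper names `mark_received`, `is_complete` and `reassembles`, the per-byte marking loop and the sample lengths are assumptions; only the two table rows come from the patch.

```c
#include <stdio.h>
#include <string.h>

/* Table rows as they appear in the patch; the index is (msg_len & 7). */
static const unsigned char end_before[8] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
static const unsigned char end_after[8]  = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};

/* Hypothetical helper: set one bit per received byte in [start, end). */
static void mark_received(unsigned char *mask, size_t start, size_t end)
{
    for (size_t i = start; i < end; i++)
        mask[i >> 3] |= (unsigned char)(1u << (i & 7));
}

/* Hypothetical helper: the completeness test the message describes. The
 * highest bitmask byte is compared to end_values[msg_len & 7] and every
 * lower byte must be 0xff. Requires msg_len > 0. */
static int is_complete(const unsigned char *mask, size_t msg_len,
                       const unsigned char *end_values)
{
    size_t last = (msg_len - 1) >> 3;
    if (mask[last] != end_values[msg_len & 7])
        return 0;
    for (size_t i = 0; i < last; i++)
        if (mask[i] != 0xff)
            return 0;
    return 1;
}

/* Receive a msg_len-byte message (at most 256 bytes) as two fragments split
 * at `split` and report whether the given table sees it as complete. */
static int reassembles(size_t msg_len, size_t split, const unsigned char *end_values)
{
    unsigned char mask[32];
    memset(mask, 0, sizeof mask);
    mark_received(mask, 0, split);
    mark_received(mask, split, msg_len);
    return is_complete(mask, msg_len, end_values);
}

int main(void)
{
    size_t lens[] = {13, 16, 24, 29};   /* constructed sample lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%2zu before=%d after=%d\n", lens[i],
               reassembles(lens[i], 5, end_before),
               reassembles(lens[i], 5, end_after));
    return 0;
}
```

With the old table, the fully received 16- and 24-byte messages are never reported complete, while lengths that are not a multiple of 8 behave the same under both tables.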
