Hi,

You're right, an OPENSSL_assert() is not an appropriate error handling here. The connection should just be terminated with an alert. I have submitted patch #2625 to change this. Thanks for the report!

Best regards
Robin

On Oct 13, 2011, at 1:42 AM, zhu qun-ying wrote:

> Hi,
>
> While working on DTLS, in d1_both.c:dtls1_get_message_fragment():787~866
>
> There are calls to OPENSSL_assert (line 787):
>
>     /* read handshake message header */
>     i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
>         DTLS1_HM_HEADER_LENGTH, 0);
>     if (i <= 0) /* nbio, or an error */
>         {
>         s->rwstate=SSL_READING;
>         *ok = 0;
>         return i;
>         }
>     OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
>     ...
>
> and line 866:
>
>     /* XDTLS: an incorrectly formatted fragment should cause the
>      * handshake to fail */
>     OPENSSL_assert(i == (int)frag_len);
>
> The two calls cause the program to abort when an incorrectly formatted fragment is
> received. Is it really so serious that a program restart is needed?
>
> At the end of the function, there is an error label (line 904):
>
>     f_err:
>         ssl3_send_alert(s,SSL3_AL_FATAL,al);
>         s->init_num = 0;
>
>         *ok=0;
>         return(-1);
>         }
>
> The above two tests could goto f_err instead of aborting the whole program.
>
> From a user point of view, the abort is not good; it is not so fatal an error
> from my understanding. Please enlighten me if I missed something.
>
> --
> qun-ying
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majord...@openssl.org
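As an added illustration of the error-handling change discussed in this thread (this is not OpenSSL's code, nor code from either message), the C below parses a DTLS handshake fragment header and treats the two conditions that the 2011 code asserted on as a fatal handshake error with an alert code, so a malformed datagram from a peer ends the connection rather than the process. The 12-byte header layout and the alert values 47 and 50 come from RFC 6347 and RFC 5246; the function and type names, the max_msg_len bound and the sample records are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DTLS handshake message header (RFC 6347, 4.2.2): 12 bytes on the wire. */
#define DTLS1_HM_HEADER_LENGTH   12
#define SSL_AD_ILLEGAL_PARAMETER 47   /* TLS alert descriptions (RFC 5246, 7.2) */
#define SSL_AD_DECODE_ERROR      50

/* Return convention mirrors the ssl_read_bytes() style quoted in the thread:
 * > 0 success, 0 need more input (nbio), < 0 fatal, with *alert chosen. */
enum { FRAG_FATAL = -1, FRAG_WANT_MORE = 0, FRAG_OK = 1 };

typedef struct {
    uint8_t  msg_type;
    uint32_t msg_len;   /* 24-bit field */
    uint16_t msg_seq;
    uint32_t frag_off;  /* 24-bit field */
    uint32_t frag_len;  /* 24-bit field */
} dtls_hs_header;       /* hypothetical type, not OpenSSL's */

static uint32_t n2l3(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

/* Parse one handshake fragment out of a received record of `len` bytes.
 * Where the quoted code did OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH) and
 * OPENSSL_assert(i == (int)frag_len), this returns FRAG_FATAL and selects the
 * alert the caller sends before dropping the connection (the f_err path). */
int dtls_parse_fragment(const uint8_t *wire, size_t len, uint32_t max_msg_len,
                        dtls_hs_header *hdr, const uint8_t **body, int *alert)
{
    if (len < DTLS1_HM_HEADER_LENGTH)
        return FRAG_WANT_MORE;                  /* short read: retry later */

    hdr->msg_type = wire[0];
    hdr->msg_len  = n2l3(wire + 1);
    hdr->msg_seq  = (uint16_t)((wire[4] << 8) | wire[5]);
    hdr->frag_off = n2l3(wire + 6);
    hdr->frag_len = n2l3(wire + 9);

    /* Fragment must lie inside a message of sane size (24-bit fields, so the sum cannot overflow). */
    if (hdr->msg_len > max_msg_len || hdr->frag_off + hdr->frag_len > hdr->msg_len) {
        *alert = SSL_AD_ILLEGAL_PARAMETER;
        return FRAG_FATAL;
    }
    /* Record shorter than the fragment it claims to carry: malformed input, fail the handshake. */
    if (len - DTLS1_HM_HEADER_LENGTH < hdr->frag_len) {
        *alert = SSL_AD_DECODE_ERROR;
        return FRAG_FATAL;
    }
    *body = wire + DTLS1_HM_HEADER_LENGTH;
    return FRAG_OK;
}

/* Constructed sample records (not captured traffic). Header fields in order:
 * type=1 (ClientHello), msg_len, seq=0, frag_off, frag_len, then the body. */
static const uint8_t rec_ok[]        = {1, 0,0,4, 0,0, 0,0,0, 0,0,4, 0xde,0xad,0xbe,0xef};
static const uint8_t rec_truncated[] = {1, 0,0,4, 0,0, 0,0,0, 0,0,4, 0xde,0xad};
static const uint8_t rec_bad_off[]   = {1, 0,0,4, 0,0, 0,0,3, 0,0,4, 0xde,0xad,0xbe,0xef};
static const uint8_t rec_short[]     = {1, 0,0,4, 0};

/* Run sample `which` (0..3); returns the FRAG_* code and stores the alert (0 if none). */
static int demo_case(int which, int *alert)
{
    const uint8_t *recs[] = {rec_ok, rec_truncated, rec_bad_off, rec_short};
    const size_t lens[]   = {sizeof rec_ok, sizeof rec_truncated, sizeof rec_bad_off, sizeof rec_short};
    dtls_hs_header hdr;
    const uint8_t *body = NULL;
    *alert = 0;
    if (which < 0 || which > 3)
        return FRAG_FATAL;
    return dtls_parse_fragment(recs[which], lens[which], 16384, &hdr, &body, alert);
}

int demo_result(int which) { int al; return demo_case(which, &al); }
int demo_alert(int which)  { int al; demo_case(which, &al); return al; }

int main(void)
{
    const char *names[] = {"ok", "truncated body", "bad offset", "short read"};
    for (int i = 0; i < 4; i++)
        printf("%-15s -> %2d (alert %d)\n", names[i], demo_result(i), demo_alert(i));
    return 0;
}
```

The "short read" case is the only one that may legitimately recur (non-blocking I/O), so it alone returns 0 for a retry; every length inconsistency inside a complete record is the peer's fault and maps to a fatal alert, which is exactly the distinction the assertions in d1_both.c collapsed.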