Does anyone know the status of this patch? The problem still exists in the openssl-0.9.8 stable tree (and I believe in the head/0.9.9 tree as well).
The patch still applies; attached is an updated version.

- Ariel

--
- Ariel Salomon / Senior Software Engineer
Real-Time Innovations (RTI) / www.rti.com
408 200-4739 / [EMAIL PROTECTED]
RTI - The Real-Time Middleware Experts
Index: ssl/d1_both.c =================================================================== RCS file: /home/local/cvsroot/usermodules/ariel/openssl/ssl/d1_both.c,v retrieving revision 1.4.2.4 diff -u -r1.4.2.4 d1_both.c --- ssl/d1_both.c 30 Sep 2007 21:20:59 -0000 1.4.2.4 +++ ssl/d1_both.c 4 Oct 2007 00:54:17 -0000 @@ -725,11 +725,12 @@ /* case (3): received a immediately useful fragment. Determine the * possible overlap and copy the fragment. */ - overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off; /* retain the header for the first fragment */ if ( s->init_num > DTLS1_HM_HEADER_LENGTH) { + s->init_num -= DTLS1_HM_HEADER_LENGTH; + overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off; memmove(&(s->init_buf->data[s->init_num]), &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH + overlap]), frag_len - overlap); @@ -737,7 +738,10 @@ s->init_num += frag_len - overlap; } else + { + overlap = 0; s->init_num += frag_len; + } dtls1_process_handshake_fragment(s, frag_len - overlap);
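Review bot: in the first hunk (@@ -725,11 +725,12 @@), `overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;` now runs after `s->init_num -= DTLS1_HM_HEADER_LENGTH;`, and `frag_len - overlap` is then used both as the memmove length and as the amount added to `s->init_num`, with no visible check that overlap is non-negative or that it does not exceed frag_len. A fragment whose frag_off lies beyond the data already buffered, or one that lies entirely inside it, would make that length wrap or push the memmove source `s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH + overlap]` past the buffered data. Suggest rejecting the fragment before the memmove when overlap falls outside [0, frag_len] (paying attention to whether overlap is a signed type, which the hunk does not show), and adding a comment stating that on entry to this block init_num includes the header of the fragment just read: the subtraction, the overlap formula and the memmove source offset all depend on that invariant, and nothing in the hunk or its description says so.

Review bot: in the second hunk (@@ -737,7 +738,10 @@), the new `overlap = 0;` in the else branch means a fragment that arrives when nothing beyond a header is buffered (`s->init_num <= DTLS1_HM_HEADER_LENGTH`) is treated as starting at offset 0 whatever its frag_off: `dtls1_process_handshake_fragment(s, frag_len - overlap)` then consumes the whole fragment and `s->init_num += frag_len` counts it as contiguous. If frag_off can be non-zero on this path (the visible lines do not rule it out), either check `frag_off == 0` here or say in a comment why the earlier cases guarantee it. Note also that before this patch the else branch passed the overlap computed above the `if` (which, with init_num at most the header length, was zero or negative) to dtls1_process_handshake_fragment, so forcing it to 0 is a behaviour change for that branch and deserves a sentence in the patch description.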