Fix write failure handling in DTLS1.2

The DTLS code is supposed to drop packets if we try to write them out but the underlying BIO write buffers are full. ssl3_write_pending() contains an incorrect test for DTLS that controls this. The test only checks for DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which can later cause an assert to be hit. This commit changes the test to cover all DTLS versions. RT#3967 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 5e8b24d)
openssl · Jul 30, 2015 · 9e43fe9 · 9e43fe9
1 parent 374fd38
commit 9e43fe9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
@@ -1115,7 +1115,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
             s->rwstate = SSL_NOTHING;
             return (s->s3->wpend_ret);
         } else if (i <= 0) {
-            if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+            if (SSL_IS_DTLS(s)) {
                 /*
                  * For DTLS, just drop it. That's kind of the whole point in
                  * using a datagram service