Fix Seg fault in DTLSv1_listen
The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invocation to the
next that can lead to a segmentation fault. Errors processing the initial
ClientHello can trigger this scenario. An example of such an error could
be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only


Reviewed-by: Richard Levitte <>
mattcaswell committed Mar 19, 2015
1 parent 1d2a18d commit e83ee04bb7de800cdb71d522fa562e99328003a3
Showing with 3 additions and 0 deletions.
  1. +3 −0 ssl/d1_lib.c
@@ -546,6 +546,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
int ret;

/* Ensure there is no state left over from a previous invocation */

s->d1->listen = 1;
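Review bot: the added comment "Ensure there is no state left over from a previous invocation" is not followed by any visible statement that actually resets the SSL object; as rendered, the hunk shows only the comment and a blank line before `s->d1->listen = 1;`. The hunk header (`-546,6 +546,9`) and the "+3 −0" summary both say three lines were added, so one added line has been dropped from this rendering, and a reviewer should confirm it is the reset call the comment describes (an `SSL_clear(s)` call on the SSL object would be the natural candidate). Without an explicit reset at this point the fix described in the commit message, clearing state carried between stateless `DTLSv1_listen` calls, is not present in the code.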
