git.ipfire.org Git - thirdparty/openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Tue, 9 Oct 2018 09:22:06 +0000 (10:22 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 19 Oct 2018 13:25:22 +0000 (14:25 +0100)
commit	079ef6bd534d2f708d8013cfcd8ea0d2f600c788
tree	0b3b3f18818b62a6bf03a143a90a74745b9b2fc0	tree \| snapshot
parent	2fc4c77c3f06443f4c476f6f58d83e5e108d1dce	commit \| diff

Buffer a ClientHello with a cookie received via DTLSv1_listen

Previously when a ClientHello arrives with a valid cookie using
DTLSv1_listen() we only "peeked" at the message and left it on the
underlying fd. This works fine for single threaded applications but for
multi-threaded apps this does not work since the fd is typically reused for
the server thread, while a new fd is created and connected for the client.
By "peeking" we leave the message on the server fd, and consequently we
think we've received another valid ClientHello and so we create yet another
fd for the client, and so on until we run out of fds.

In this new approach we remove the ClientHello and buffer it in the SSL
object.

Fixes #6934

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7375)

ssl/d1_lib.c		diff \| blob \| blame \| history
ssl/record/record.h		diff \| blob \| blame \| history
ssl/record/ssl3_record.c		diff \| blob \| blame \| history