From: noctuelles <plouvel@student.42.fr>
Date: Thu, 29 May 2025 19:01:21 +0000 (+0200)
Subject: fix: msg callback in dtls1_do_write that incorrectly shows message (like a certificat... 
X-Git-Tag: openssl-3.3.4~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42f5471e6287e7b4836db6e99baa07fc6dac2bcd;p=thirdparty%2Fopenssl.git

fix: msg callback in dtls1_do_write that incorrectly shows message (like a certificate) that spans over multiple fragments.

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27811)

(cherry picked from commit de5a619aa015e7c8648e415975e5e2b722b2cbf7)
---

diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 92d17e0f20d..62a170065f8 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -15,9 +15,6 @@
 #include "statem_local.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
 
 #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
 
@@ -113,6 +110,7 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type)
     size_t len, frag_off, overhead, used_len;
     SSL *ssl = SSL_CONNECTION_GET_SSL(s);
     SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
+    uint8_t saved_payload[DTLS1_HM_HEADER_LENGTH];
 
     if (!dtls1_query_mtu(s))
         return -1;
@@ -215,6 +213,15 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type)
             }
             dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
 
+            /*
+             * Save the data that will be overwritten by
+             * dtls1_write_messsage_header so no corruption occurs when using
+             * a msg callback.
+             */
+            if (s->msg_callback && s->init_off != 0)
+                memcpy(saved_payload, &s->init_buf->data[s->init_off],
+                       sizeof(saved_payload));
+
             dtls1_write_message_header(s,
                                        (unsigned char *)&s->init_buf->
                                        data[s->init_off]);
@@ -222,6 +229,11 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type)
 
         ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
                                 &written);
+
+        if (type == SSL3_RT_HANDSHAKE && s->msg_callback && s->init_off != 0)
+            memcpy(&s->init_buf->data[s->init_off], saved_payload,
+                   sizeof(saved_payload));
+
         if (ret <= 0) {
             /*
              * might need to update MTU here, but we don't know which
@@ -294,7 +306,7 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type)
             if (written == s->init_num) {
                 if (s->msg_callback)
                     s->msg_callback(1, s->version, type, s->init_buf->data,
-                                    (size_t)(s->init_off + s->init_num), ussl,
+                                    s->init_off + s->init_num, ussl,
                                     s->msg_callback_arg);
 
                 s->init_off = 0; /* done writing this message */