From: Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Date: Mon, 2 Oct 2023 07:49:34 +0000 (+0200)
Subject: Occupy the rec_version field of a decoded dtls record
X-Git-Tag: openssl-3.2.0-beta1~144
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b5b2239d8752f8dd413872057c57ef9e1a1a591;p=thirdparty%2Fopenssl.git

Occupy the rec_version field of a decoded dtls record

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22238)
---

diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c
index fd89038eb0c..7205283173a 100644
--- a/ssl/record/methods/dtls_meth.c
+++ b/ssl/record/methods/dtls_meth.c
@@ -383,7 +383,6 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
     size_t more, n;
     TLS_RL_RECORD *rr;
     unsigned char *p = NULL;
-    unsigned short version;
     DTLS_BITMAP *bitmap;
     unsigned int is_next_epoch;
 
@@ -438,7 +437,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
         rr->type = *(p++);
         ssl_major = *(p++);
         ssl_minor = *(p++);
-        version = (ssl_major << 8) | ssl_minor;
+        rr->rec_version = (ssl_major << 8) | ssl_minor;
 
         /* sequence number is 64 bits, with top 2 bytes = epoch */
         n2s(p, rr->epoch);
@@ -453,7 +452,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
          * version number (e.g. because of protocol version errors)
          */
         if (!rl->is_first_record && rr->type != SSL3_RT_ALERT) {
-            if (version != rl->version) {
+            if (rr->rec_version != rl->version) {
                 /* unexpected version, silently discard */
                 rr->length = 0;
                 rl->packet_length = 0;