From: Joshua Rogers Date: Wed, 8 Oct 2025 07:31:18 +0000 (+0800) Subject: Disallow Message sequence number 2 in DTLSv1_listen X-Git-Tag: 3.6-PRE-CLANG-FORMAT-WEBKIT~119 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90983aa07f76970f651798c8c16fdafbbda2bd6a;p=thirdparty%2Fopenssl.git Disallow Message sequence number 2 in DTLSv1_listen Signed-off-by: Joshua Rogers Reviewed-by: Frederik Wedel-Heinen Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28788) (cherry picked from commit dc242b16954552c7589a6c2ea829c2a888878f27) --- diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index f20c8ac157a..0e39518abc7 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -573,7 +573,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) } /* Message sequence number can only be 0 or 1 */ - if (msgseq > 2) { + if (msgseq > 1) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SEQUENCE_NUMBER); goto end; }
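Review bot: the tightened bound `if (msgseq > 1)` in DTLSv1_listen arrives without a test, since this diff touches only ssl/d1_lib.c. A regression case that passes a message with sequence number 2 to DTLSv1_listen and expects SSL_R_INVALID_SEQUENCE_NUMBER would pin the boundary so the off-by-one cannot return unnoticed. The commit message also carries only the subject line; one sentence noting that the old `msgseq > 2` check disagreed with the adjacent comment "Message sequence number can only be 0 or 1" would help anyone auditing the cherry-pick.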