From: Alexander Sosedkin Date: Mon, 20 Apr 2026 14:32:02 +0000 (+0200) Subject: buffers: match DTLS datagrams by sequence number X-Git-Tag: 3.8.13^2~79 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=092c65d004e2f125f2fea3db84d801ac49a09f78;p=thirdparty%2Fgnutls.git buffers: match DTLS datagrams by sequence number DTLS handshake fragment reassembly previously matched incoming fragments by handshake type only, without checking the sequence number. This allowed fragments from different handshake messages to be merged into the same reassembly buffer. Now sequence number is accounted for during reassembly, ensuring fragments are only merged when they belong to the same handshake message. Reported-by: Zou Dikai Fixes: #1839 Signed-off-by: Alexander Sosedkin --- diff --git a/lib/buffers.c b/lib/buffers.c index 5d4d162768..62f140ed3c 100644 --- a/lib/buffers.c +++ b/lib/buffers.c @@ -971,7 +971,8 @@ static int merge_handshake_packet(gnutls_session_t session, session->internals.handshake_recv_buffer; for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) { - if (recv_buf[i].htype == hsk->htype) { + if (recv_buf[i].htype == hsk->htype && + recv_buf[i].sequence == hsk->sequence) { exists = 1; pos = i; break;
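Review bot: The patch touches only lib/buffers.c and carries no regression test for the condition added in the loop of merge_handshake_packet (`recv_buf[i].htype == hsk->htype && recv_buf[i].sequence == hsk->sequence`). A test that feeds two fragments with the same handshake type but different sequence numbers and checks that they are not merged into one reassembly buffer would pin down the behaviour described in the commit message for #1839. A fragment whose type matches but whose sequence differs now leaves `exists` unset and takes whatever path follows the loop, which this hunk does not show. It is worth confirming that this path stays bounded by handshake_recv_buffer_size when a peer sends many same-type fragments with distinct sequence numbers. A one-line comment above the condition, saying that a DTLS handshake message is identified by type and sequence together, would also keep a later cleanup from dropping the second comparison.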