allow early DTLS datagrams, but drop late ones.

2012-08-28 08:55:31 -07:00 · 2012-08-28 08:55:31 -07:00 · c9625789cd
commit c9625789cd
parent 98bc1f8c46
1 changed files with 6 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -1544,13 +1544,15 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,

 #ifdef CYASSL_DTLS
    /* If DTLS, check the sequence number against expected. If out of
-     * order, drop the record. */
+     * order, drop the record. Allows newer records in and resets the
+     * expected to the next record. */
    if (ssl->options.dtls) {
        if ((ssl->keys.dtls_expected_peer_epoch ==
                                        ssl->keys.dtls_peer_epoch) &&
-                (ssl->keys.dtls_expected_peer_sequence_number ==
-                                        ssl->keys.dtls_peer_sequence_number)) {
-            ssl->keys.dtls_expected_peer_sequence_number++;
+                (ssl->keys.dtls_peer_sequence_number >=
+                                ssl->keys.dtls_expected_peer_sequence_number)) {
+            ssl->keys.dtls_expected_peer_sequence_number =
+                            ssl->keys.dtls_peer_sequence_number + 1;
        }
        else {
            return SEQUENCE_ERROR;