From c9625789cda48747fb26a738bbdbc8d2de25fbb6 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Tue, 28 Aug 2012 08:55:31 -0700
Subject: [PATCH] allow early DTLS datagrams, but drop late ones.

---
 src/internal.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 03f0218ed..7ed29d6af 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1544,13 +1544,15 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef CYASSL_DTLS
 /* If DTLS, check the sequence number against expected. If out of
- * order, drop the record. */
+ * order, drop the record. Allows newer records in and resets the
+ * expected to the next record. */
 if (ssl->options.dtls) {
 if ((ssl->keys.dtls_expected_peer_epoch == ssl->keys.dtls_peer_epoch) &&
- (ssl->keys.dtls_expected_peer_sequence_number ==
- ssl->keys.dtls_peer_sequence_number)) {
- ssl->keys.dtls_expected_peer_sequence_number++;
+ (ssl->keys.dtls_peer_sequence_number >=
+ ssl->keys.dtls_expected_peer_sequence_number)) {
+ ssl->keys.dtls_expected_peer_sequence_number =
+ ssl->keys.dtls_peer_sequence_number + 1;
 } else {
 return SEQUENCE_ERROR;