mirror of https://github.com/wolfSSL/wolfssl
allow early DTLS datagrams, but drop late ones.
parent
98bc1f8c46
commit
c9625789cd
|
@ -1544,13 +1544,15 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
||||||
|
|
||||||
#ifdef CYASSL_DTLS
|
#ifdef CYASSL_DTLS
|
||||||
/* If DTLS, check the sequence number against expected. If out of
|
/* If DTLS, check the sequence number against expected. If out of
|
||||||
* order, drop the record. */
|
* order, drop the record. Allows newer records in and resets the
|
||||||
|
* expected to the next record. */
|
||||||
if (ssl->options.dtls) {
|
if (ssl->options.dtls) {
|
||||||
if ((ssl->keys.dtls_expected_peer_epoch ==
|
if ((ssl->keys.dtls_expected_peer_epoch ==
|
||||||
ssl->keys.dtls_peer_epoch) &&
|
ssl->keys.dtls_peer_epoch) &&
|
||||||
(ssl->keys.dtls_expected_peer_sequence_number ==
|
(ssl->keys.dtls_peer_sequence_number >=
|
||||||
ssl->keys.dtls_peer_sequence_number)) {
|
ssl->keys.dtls_expected_peer_sequence_number)) {
|
||||||
ssl->keys.dtls_expected_peer_sequence_number++;
|
ssl->keys.dtls_expected_peer_sequence_number =
|
||||||
|
ssl->keys.dtls_peer_sequence_number + 1;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return SEQUENCE_ERROR;
|
return SEQUENCE_ERROR;
|
||||||
|
|
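Review bot: The new assignment `ssl->keys.dtls_expected_peer_sequence_number = ssl->keys.dtls_peer_sequence_number + 1;` sits in GetRecordHeader, which as far as this hunk shows works on header fields only, so the expected counter appears to advance before the record has been authenticated. If so, one injected datagram carrying a large sequence number would make every later genuine record fail the `>=` test and return SEQUENCE_ERROR; RFC 6347 section 4.1.2.6 avoids this by updating the receive window only after MAC verification succeeds. I would keep the comparison here as an early reject and move the assignment to the point where the record's MAC has been checked, with a comment such as `/* advance expected seq only after the record verifies */`. GetRecordHeader's body starts and ends outside this hunk, so the verification site is not visible and the ordering should be confirmed against the caller.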