diff options
| author | Jack Lloyd <[email protected]> | 2020-04-05 17:34:56 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2020-04-05 17:34:56 -0400 |
| commit | 389e7020f2fc24a721f102fe7b7296f3bc0d9edf (patch) | |
| tree | 389f3296d8770dd80f0caf8b556ff121dbfb60b2 | |
| parent | 25347a9b4caeef1f6259d94cd246f84982c3915d (diff) | |
| parent | 529672d15ba33f55d8440ffde23dc9329249e179 (diff) | |
Merge GH #2321 Fix undefined shift during DTLS reconnection
| -rw-r--r-- | src/lib/tls/tls_seq_numbers.h | 14 | ||||
| -rwxr-xr-x | src/scripts/ci_build.py | 8 |
2 files changed, 20 insertions, 2 deletions
diff --git a/src/lib/tls/tls_seq_numbers.h b/src/lib/tls/tls_seq_numbers.h index 64e2d0589..0a0a416f8 100644 --- a/src/lib/tls/tls_seq_numbers.h +++ b/src/lib/tls/tls_seq_numbers.h @@ -130,6 +130,7 @@ class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers if(sequence > m_window_highest) { + // We've received a later sequence which advances our window const uint64_t offset = sequence - m_window_highest; m_window_highest += offset; @@ -143,7 +144,18 @@ class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers else { const uint64_t offset = m_window_highest - sequence; - m_window_bits |= (static_cast<uint64_t>(1) << offset); + + if(offset < window_size) + { + // We've received an old sequence but still within our window + m_window_bits |= (static_cast<uint64_t>(1) << offset); + } + else + { + // This occurs only if we have reset state (DTLS reconnection case) + m_window_highest = sequence; + m_window_bits = 0; + } } } diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py index bd6828d6e..f8712c71d 100755 --- a/src/scripts/ci_build.py +++ b/src/scripts/ci_build.py @@ -141,7 +141,13 @@ def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, flags += ['--build-fuzzers=test'] if target in ['fuzzers', 'sanitizer']: - flags += ['--with-sanitizers', '--with-debug-asserts'] + flags += ['--with-debug-asserts'] + + # Can't use gcc UbSan ATM due to false positive in XMSS + if target_cc in ['clang']: + flags += ['--enable-sanitizers=address,undefined'] + else: + flags += ['--with-sanitizers'] if target in ['valgrind', 'sanitizer', 'fuzzers']: flags += ['--disable-modules=locking_allocator'] |