From fbb0b701e4d6ee7c5cd30394ddde8cf1e4def5d7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 May 2017 16:55:07 +0100 Subject: [PATCH] Corrupt application data in the beginning instead of the end in UDP proxy The UDP proxy corrupts application data at the end of the datagram. If there are multiple DTLS records within the same datagram, this leads to the wrong message being corrupted. This commit always corrupts the beginning of the message to prevent this. Overall, the UDP proxy needs reworking if it is supposed to reliably support multiple records within a single datagram, because it determines its actions from the type of the first record in the current datagram only. --- programs/test/udp_proxy.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index bb5537ff1..c978f9047 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -418,9 +418,17 @@ int send_packet( const packet *p, const char *why ) { unsigned char buf[MAX_MSG_SIZE]; memcpy( buf, p->buf, p->len ); - ++buf[p->len - 1]; - print_packet( p, "corrupted" ); + if( p->len <= 13 ) + { + mbedtls_printf( " ! can't corrupt empty AD record" ); + } + else + { + ++buf[13]; + print_packet( p, "corrupted" ); + } + if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 ) { mbedtls_printf( " ! dispatch returned %d\n", ret );