Closed Bug 1296513 Opened 8 years ago Closed 8 years ago

DTLS record with a large sequence number gap causes DTLS to spin

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1296514

People

(Reporter: mt, Unassigned)

Details

Attachments

(1 file)

gap.patch
4.99 KB, patch
Details | Diff | Splinter Review 
Say that we expect to receive packet number 3.  If we instead receive packet 2^48-1, we will scroll the receive window forward one octet at a time:

http://searchfox.org/nss/rev/462a77115abebd0f3cd9cb56dbc350a25b9be706/lib/ssl/dtlscon.c#1130

I believe that it's possible to trigger this code with an unauthenticated packet.  That might only happen during the handshake, but I first ran into this with encrypted packets.

Without the patch, the test for DTLS 1.0, which uses AES, takes 5s on my machine.  I'm not patient enough to wait for the ChaCha one.
Looks like something went wrong here. Closing this as duplicate.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Group: crypto-core-security
QA Contact: jjones
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: