From 767c69561bbda2cbc1f3e74fb7b8f38a89843578 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Sat, 20 Sep 2014 10:04:00 +0200
Subject: [PATCH] Drop out-of-sequence ChangeCipherSpec messages

---
 library/ssl_tls.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5472b4d08..6c89fbe99 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2637,7 +2637,7 @@ static int ssl_prepare_handshake_record( ssl_context *ssl )
             }
             else
             {
-                SSL_DEBUG_MSG( 2, ( "dropping out-of-order message: "
+                SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
                                     "message_seq = %d, expected = %d",
                                     recv_msg_seq,
                                     ssl->handshake->in_msg_seq ) );
@@ -3017,6 +3017,20 @@ read_record_header:
         }
     }
 
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+    {
+        /* Drop unexpected ChangeCipherSpec messages */
+        if( ssl->in_msgtype == SSL_MSG_CHANGE_CIPHER_SPEC &&
+            ssl->state != SSL_CLIENT_CHANGE_CIPHER_SPEC &&
+            ssl->state != SSL_SERVER_CHANGE_CIPHER_SPEC )
+        {
+            SSL_DEBUG_MSG( 2, ( "dropping unexpected ChangeCipherSpec" ) );
+            return( POLARSSL_ERR_NET_WANT_READ );
+        }
+    }
+#endif
+
     SSL_DEBUG_MSG( 2, ( "<= read record" ) );
 
     return( 0 );