From 52a97603591bc63b29fd94f2939cacb9c6abda4f Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 13 Jun 2017 17:14:20 +0200
Subject: ssl: Correct epoch handling

Consideration of which Epoch a message belongs to is needed in the
dtls_connection:next_record function too.
---
 lib/ssl/src/dtls_connection.erl | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'lib/ssl')

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index f338471829..98ea8092fa 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -718,7 +718,7 @@ next_record(#state{unprocessed_handshake_events = N} = State) when N > 0 ->
 next_record(#state{protocol_buffers =
 		       #protocol_buffers{dtls_cipher_texts = [#ssl_tls{epoch = Epoch} = CT | Rest]}
 		   = Buffers,
-		   connection_states = ConnectionStates} = State) ->
+		   connection_states = #{current_read := #{epoch := Epoch}} = ConnectionStates} = State) ->
     CurrentRead = dtls_record:get_connection_state_by_epoch(Epoch, ConnectionStates, read),
     case dtls_record:replay_detect(CT, CurrentRead) of
         false ->
@@ -729,6 +729,23 @@ next_record(#state{protocol_buffers =
                                         Buffers#protocol_buffers{dtls_cipher_texts = Rest},
                                     connection_states = ConnectionStates})
     end;
+next_record(#state{protocol_buffers =
+		       #protocol_buffers{dtls_cipher_texts = [#ssl_tls{epoch = Epoch} | Rest]}
+		   = Buffers,
+		   connection_states = #{current_read := #{epoch := CurrentEpoch}} = ConnectionStates} = State) 
+  when Epoch > CurrentEpoch ->
+    %% TODO Buffer later Epoch message, drop it for now
+    next_record(State#state{protocol_buffers =
+                                Buffers#protocol_buffers{dtls_cipher_texts = Rest},
+                            connection_states = ConnectionStates});
+next_record(#state{protocol_buffers =
+		       #protocol_buffers{dtls_cipher_texts = [ _ | Rest]}
+		   = Buffers,
+		   connection_states = ConnectionStates} = State) ->
+    %% Drop old epoch message
+    next_record(State#state{protocol_buffers =
+                                Buffers#protocol_buffers{dtls_cipher_texts = Rest},
+                            connection_states = ConnectionStates});
 next_record(#state{role = server,
 		   socket = {Listener, {Client, _}},
 		   transport_cb = gen_udp} = State) -> 
-- 
cgit v1.2.3