@@ -461,6 +461,16 @@ private List<ProtocolMessage> processDtlsFragments(List<DtlsHandshakeMessageFrag
461461 // meaning a handshake message can be parsed from it
462462 if (fragmentedMessage != null ) {
463463 context .setDtlsCurrentReceiveSequenceNumber (fragmentedMessage .getMessageSeq ().getValue ());
464+
465+ // we update the message cache with the fragmented message and information to detect duplicates
466+ DtlsMessageInformation info = new DtlsMessageInformation (epoch , fragmentedMessage .getMessageSeq ()
467+ .getValue ());
468+ boolean isDuplicate = context .getDtlsMessageCache ().hasMessage (fragmentedMessage , info );
469+ if (!isDuplicate ) {
470+ // in the cache we keep complete fragmented messages in order to determine whether
471+ // a fragment is a duplicate
472+ context .getDtlsMessageCache ().addMessage (fragmentedMessage , info );
473+ }
464474
465475 // we check if the assembled fragment is in-order, and if so,
466476 // process it (aka parse message, add it to list, remove
@@ -470,9 +480,6 @@ private List<ProtocolMessage> processDtlsFragments(List<DtlsHandshakeMessageFrag
470480 && fragment .getMessageSeq ().getValue () == context .getDtlsNextReceiveSequenceNumber ()) {
471481 manager .clearFragmentedMessage (fragmentedMessage .getMessageSeq ().getValue (), epoch );
472482 HandshakeMessage message = processFragmentedMessage (fragmentedMessage , context , true );
473- DtlsMessageInformation info = new DtlsMessageInformation (epoch , fragmentedMessage .getMessageSeq ()
474- .getValue ());
475- context .getDtlsMessageCache ().addMessage (message , info );
476483 messages .add (message );
477484 dtlsInfos .add (info );
478485 if (message .getHandshakeMessageType () == HandshakeMessageType .FINISHED ) {
@@ -488,23 +495,21 @@ private List<ProtocolMessage> processDtlsFragments(List<DtlsHandshakeMessageFrag
488495 // the dtlsExcludeOutOfOrder option which allows TLS-Attacker to
489496 // omit messages out-of-order
490497 else {
491- HandshakeMessage message = processFragmentedMessage (fragmentedMessage , context , context .getConfig ()
492- .isDtlsUpdateOnOutOfOrder ());
493- manager .clearFragmentedMessage (fragmentedMessage .getMessageSeq ().getValue (), epoch );
494- if (!context .getConfig ().isDtlsExcludeOutOfOrder ()) {
495- DtlsMessageInformation info = new DtlsMessageInformation (epoch , fragmentedMessage
496- .getMessageSeq ().getValue ());
497-
498- // if the exclude duplicate option is disabled, or the
499- // message is not a duplicate
500- // w.r.t. bytes, epoch and sequence number
501- if (!context .getConfig ().isDtlsExcludeDuplicates ()
502- || !context .getDtlsMessageCache ().hasMessage (message , info )) {
503- context .getDtlsMessageCache ().addMessage (message , info );
504- messages .add (message );
505- dtlsInfos .add (info );
506- }
507- }
498+ // we process the message if the exclude duplicate option is disabled or the message is not a duplicate
499+ // w.r.t. bytes, epoch and sequence number
500+ // otherwise we ignore it
501+ if (!context .getConfig ().isDtlsExcludeDuplicates () || !isDuplicate ) {
502+ HandshakeMessage message =
503+ processFragmentedMessage (fragmentedMessage , context ,
504+ context .getConfig ().isDtlsUpdateOnOutOfOrder ());
505+ manager .clearFragmentedMessage (fragmentedMessage .getMessageSeq ().getValue (), epoch );
506+ if (!context .getConfig ().isDtlsExcludeOutOfOrder ()) {
507+ messages .add (message );
508+ dtlsInfos .add (info );
509+ }
510+ } else {
511+ // ignore duplicate
512+ }
508513 }
509514 }
510515 }
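Review bot: In the out-of-order branch, the new `else { // ignore duplicate }` path skips `manager.clearFragmentedMessage(...)`, which the removed code called for every reassembled out-of-order message. With `isDtlsExcludeDuplicates()` enabled, a retransmitted message would stay in the fragment manager after being ignored. Whether that only retains the buffer or makes the same reassembled message come back on later fragments depends on the manager, which is not visible here. I would replace the empty branch body with `manager.clearFragmentedMessage(fragmentedMessage.getMessageSeq().getValue(), epoch);` and a comment that duplicates are dropped but their reassembly state is still released. processDtlsFragments starts and ends outside these hunks, so the enclosing loop could not be checked.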