From b0ec464bfa2c8c81e3a2ee2db952f8bda67505b9 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Sat, 9 Mar 2019 20:27:57 +0700
Subject: DTLS: Guard against epoch wrapping
---
 crypto/src/crypto/tls/DtlsEpoch.cs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/crypto/src/crypto/tls/DtlsEpoch.cs b/crypto/src/crypto/tls/DtlsEpoch.cs
index 91fffa5e1..af14035ce 100644
--- a/crypto/src/crypto/tls/DtlsEpoch.cs
+++ b/crypto/src/crypto/tls/DtlsEpoch.cs
@@ -24,8 +24,13 @@ namespace Org.BouncyCastle.Crypto.Tls

 internal long AllocateSequenceNumber()
 {
- // TODO Check for overflow
- return mSequenceNumber++;
+ lock (this)
+ {
+ if (mSequenceNumber >= (1L << 48))
+ throw new TlsFatalAlert(AlertDescription.internal_error);
+
+ return mSequenceNumber++;
+ }
 }

 internal TlsCipher Cipher
@@ -45,7 +50,7 @@ namespace Org.BouncyCastle.Crypto.Tls

 internal long SequenceNumber
 {
- get { return mSequenceNumber; }
+ get { lock(this) return mSequenceNumber; }
 }
 }
 }
-- cgit 1.4.1
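Review bot: The bound `1L << 48` in `AllocateSequenceNumber()` is a bare literal, and the removed TODO is replaced with no comment, so a reader has to already know that DTLS record sequence numbers are 48 bits wide to see why the check exists. I would add a comment above the `if`, for example `// DTLS record sequence numbers are 48 bits; fail rather than reuse one under the same epoch keys`. Failing closed with a fatal alert is the right direction, since a wrapped counter would repeat an (epoch, sequence number) pair that presumably feeds record protection and replay detection. Separately, this method and the `SequenceNumber` getter in the second hunk both take `lock (this)`. The class is internal, so exposure is limited to the assembly, but a private field such as `private readonly object mLock = new object();` with `lock (mLock)` would keep the monitor out of reach of other code that holds the reference.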
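Review bot: The `SequenceNumber` getter now reads under the lock, but nothing on the property says the result is only a snapshot. Another thread can call `AllocateSequenceNumber()` right after the read, so the value may be stale by the time the caller uses it. A one-line comment such as `// Snapshot only; use AllocateSequenceNumber() to obtain a number for an outgoing record` would make that explicit. Whether any caller relies on the two agreeing is not visible in this patch.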