+++ /dev/null
-http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
-
---- a/crypto/pqueue/pqueue.c
-+++ b/crypto/pqueue/pqueue.c
-@@ -234,3 +234,17 @@ pqueue_next(pitem **item)
-
- return ret;
- }
-+
-+int
-+pqueue_size(pqueue_s *pq)
-+{
-+ pitem *item = pq->items;
-+ int count = 0;
-+
-+ while(item != NULL)
-+ {
-+ count++;
-+ item = item->next;
-+ }
-+ return count;
-+}
---- a/crypto/pqueue/pqueue.h
-+++ b/crypto/pqueue/pqueue.h
-@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
- pitem *pqueue_next(piterator *iter);
-
- void pqueue_print(pqueue pq);
-+int pqueue_size(pqueue pq);
-
- #endif /* ! HEADER_PQUEUE_H */
---- a/ssl/d1_pkt.c
-+++ b/ssl/d1_pkt.c
-@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
- DTLS1_RECORD_DATA *rdata;
- pitem *item;
-
-+ /* Limit the size of the queue to prevent DOS attacks */
-+ if (pqueue_size(queue->q) >= 100)
-+ return 0;
-+
- rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
- item = pitem_new(priority, rdata);
- if (rdata == NULL || item == NULL)