kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Condition the read_close_notify check on type, not shutdown state.

Browse Source 
The logic to drop records really should be in the caller. Unless
ssl3_read_bytes is broken apart, condition on the type field which is more
robust.

If we manage to call, say, SSL_read after SSL_shutdown completes at 0 (instead
of 1), this logic can incorrectly cause unknown record types to be dropped.

Change-Id: Iab90e5d9190fcccbf6ff55e17079a2704ed99901
Reviewed-on: https://boringssl-review.googlesource.com/7953
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin 2016-05-10 17:57:32 -04:00
parent fa214e4a18
commit ea65e100c7
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/s3_pkt.c
View File

@ -577,7 +577,9 @@ start:
goto start;
}
if (ssl->s3->send_shutdown == ssl_shutdown_close_notify) {
if (type == 0) {
/* This may only occur from read_close_notify. */
assert(ssl->s3->send_shutdown == ssl_shutdown_close_notify);
/* close_notify has been sent, so discard all records other than alerts. */
rr->length = 0;
goto start;