Release zero length handshake fragment records

If we are processing a handshake fragment and we end up with a
zero length record, then we still need to release it to avoid an
infinite loop.

Fixes #20821

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20824)
Matt Caswell 2023-04-25 11:39:26 +01:00
parent 1c35e39ac0
commit c20d923b46
1 changed files with 6 additions and 2 deletions

@ -939,9 +939,13 @@ int ssl3_read_bytes(SSL *ssl, int type, int *recvd_type, unsigned char *buf,
if (n > 0) {
memcpy(dest + *dest_len, rr->data + rr->off, n);
*dest_len += n;
if (!ssl_release_record(s, rr, n))
return -1;
}
/*
* We release the number of bytes consumed, or the whole record if it
* is zero length
*/
if ((n > 0 || rr->length == 0) && !ssl_release_record(s, rr, n))
return -1;
if (*dest_len < dest_maxlen)
goto start; /* fragment was too small */
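
Review bot: the combined condition `(n > 0 || rr->length == 0)` calls `ssl_release_record(s, rr, n)` with n == 0 in the zero-length case, so the fix relies on ssl_release_record treating a length of 0 on an empty record as "release the whole record". The comment states that intent, but nothing at the call site enforces it; documenting that contract on ssl_release_record itself would keep a later change there from silently reintroducing the loop through `goto start`. The commit also changes only one file, so there is no regression test for the case from #20821; a test that delivers a zero-length handshake fragment and checks that ssl3_read_bytes makes progress would cover it.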