mirror of https://github.com/openssl/openssl.git
a23d5e20f1
App data records with 0 bytes of payload will confuse callers of SSL_read(). This will cause a successful read and return 0 bytes as read. Unfortunately a 0 return from SSL_read() is considered a failure response. A subsequent call to SSL_get_error() will then give the wrong result. Zero length app data records are actually allowed by the spec, but have never been handled correctly by OpenSSL. We already disallow creating such empty app data records. Since the SSL_read() API does not have a good way to handle this type of read, we simply ignore them. Partial fix for #27316 Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27541) |
||
|---|---|---|
| .. | ||
| build.info | ||
| dtls_meth.c | ||
| ktls_meth.c | ||
| recmethod_local.h | ||
| ssl3_cbc.c | ||
| ssl3_meth.c | ||
| tls1_meth.c | ||
| tls13_meth.c | ||
| tls_common.c | ||
| tls_multib.c | ||
| tls_pad.c | ||
| tlsany_meth.c | ||