Use the current record offset in ssl3_get_record

The function ssl3_get_record() can obtain multiple records in one go
as long as we are set up for pipelining and all the records are app
data records. The logic in the while loop which reads in each record is
supposed to only continue looping if the last record we read was app data
and we have an app data record waiting in the buffer to be processed. It
was actually checking that the first record had app data and we have an
app data record waiting. This actually amounts to the same thing so wasn't
wrong - but it looks a bit odd because it uses the |rr| array without an
offset.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

1 files changed, 2 insertions, 1 deletions

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 766c3af552..beef2b3dfb 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -420,7 +420,8 @@ int ssl3_get_record(SSL *s)
 
         /* we have pulled in a full packet so zero things */
         RECORD_LAYER_reset_packet_length(&s->rlayer);
-    } while (num_recs < max_recs && rr->type == SSL3_RT_APPLICATION_DATA
+    } while (num_recs < max_recs
+             && rr[num_recs-1].type == SSL3_RT_APPLICATION_DATA
              && SSL_USE_EXPLICIT_IV(s)
              && s->enc_read_ctx != NULL
              && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))