diff options
author | Bodo Möller <bodo@openssl.org> | 1999-04-22 14:28:38 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 1999-04-22 14:28:38 +0000 |
commit | 85f48f7e93987a48da29877bd64258d88c5a4f99 (patch) | |
tree | a5255ed4a41bf93462c9efacf98a1b6d12b5a8b3 /ssl/s2_pkt.c | |
parent | 6cda1005f8b9d9dc834a13feb809f52e1bac443d (diff) |
Don't return 0 from ssl2_read when a packet with empty payload is received.
Submitted by:
Reviewed by:
PR:
Diffstat (limited to 'ssl/s2_pkt.c')
-rw-r--r-- | ssl/s2_pkt.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 89fe9dabb1..61b20305c1 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -104,6 +104,7 @@ int ssl2_read(SSL *s, char *buf, int len) int i; unsigned int mac_size=0; +ssl2_read_again: if (SSL_in_init(s) && !s->in_handshake) { n=s->handshake_func(s); @@ -231,6 +232,25 @@ int ssl2_read(SSL *s, char *buf, int len) INC32(s->s2->read_sequence); /* expect next number */ /* s->s2->ract_data is now available for processing */ +#if 1 + /* How should we react when a packet containing 0 + * bytes is received? (Note that SSLeay/OpenSSL itself + * never sends such packets; see ssl2_write.) + * Returning 0 would be interpreted by the caller as + * indicating EOF, so it's not a good idea. + * Instead, we just continue reading. Note that using + * select() for blocking sockets *never* guarantees + * that the next SSL_read will not block -- the available + * data may contain incomplete packets, and except for SSL 2 + * renegotiation can confuse things even more. */ + + goto ssl2_read_again; /* This should really be + * "return ssl2_read(s,buf,len)", + * but that would allow for + * denial-of-service attacks if a + * C compiler is used that does not + * recognize end-recursion. */ +#else /* If a 0 byte packet was sent, return 0, otherwise * we play havoc with people using select with * blocking sockets. Let them handle a packet at a time, @@ -238,6 +258,7 @@ int ssl2_read(SSL *s, char *buf, int len) if (s->s2->ract_data_length == 0) return(0); return(ssl2_read(s,buf,len)); +#endif } else { |