diff options
author | Bodo Möller <bodo@openssl.org> | 2000-12-25 18:40:46 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2000-12-25 18:40:46 +0000 |
commit | a0aae68cf6f3383f248c0e1991973224f2e4498f (patch) | |
tree | 00a32cf8d31ede67946750c91b26f7ddd3647f7c /ssl/s2_pkt.c | |
parent | 57d2f21782631c735ed134ee4fb0d682426e1522 (diff) |
Fix SSL_peek and SSL_pending.
Diffstat (limited to 'ssl/s2_pkt.c')
-rw-r--r-- | ssl/s2_pkt.c | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 2866d61fa4..0ec9ee3393 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -138,7 +138,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) return -1; } -ssl2_read_again: + ssl2_read_again: if (SSL_in_init(s) && !s->in_handshake) { n=s->handshake_func(s); @@ -162,13 +162,22 @@ ssl2_read_again: n=len; memcpy(buf,s->s2->ract_data,(unsigned int)n); - s->s2->ract_data_length-=n; - s->s2->ract_data+=n; - if (s->s2->ract_data_length == 0) - s->rstate=SSL_ST_READ_HEADER; + if (!peek) + { + s->s2->ract_data_length-=n; + s->s2->ract_data+=n; + if (s->s2->ract_data_length == 0) + s->rstate=SSL_ST_READ_HEADER; + } + return(n); } + /* s->s2->ract_data_length == 0 + * + * Fill the buffer, then goto ssl2_read_again. + */ + if (s->rstate == SSL_ST_READ_HEADER) { if (s->first_packet) @@ -266,33 +275,24 @@ ssl2_read_again: INC32(s->s2->read_sequence); /* expect next number */ /* s->s2->ract_data is now available for processing */ -#if 1 - /* How should we react when a packet containing 0 - * bytes is received? (Note that SSLeay/OpenSSL itself - * never sends such packets; see ssl2_write.) - * Returning 0 would be interpreted by the caller as - * indicating EOF, so it's not a good idea. - * Instead, we just continue reading. Note that using - * select() for blocking sockets *never* guarantees + /* Possibly the packet that we just read had 0 actual data bytes. + * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.) + * In this case, returning 0 would be interpreted by the caller + * as indicating EOF, so it's not a good idea. Instead, we just + * continue reading; thus ssl2_read_internal may have to process + * multiple packets before it can return. + * + * [Note that using select() for blocking sockets *never* guarantees * that the next SSL_read will not block -- the available - * data may contain incomplete packets, and except for SSL 2 - * renegotiation can confuse things even more. */ + * data may contain incomplete packets, and except for SSL 2, + * renegotiation can confuse things even more.] */ goto ssl2_read_again; /* This should really be - * "return ssl2_read(s,buf,len)", - * but that would allow for - * denial-of-service attacks if a - * C compiler is used that does not - * recognize end-recursion. */ -#else - /* If a 0 byte packet was sent, return 0, otherwise - * we play havoc with people using select with - * blocking sockets. Let them handle a packet at a time, - * they should really be using non-blocking sockets. */ - if (s->s2->ract_data_length == 0) - return(0); - return(ssl2_read(s,buf,len)); -#endif + * "return ssl2_read(s,buf,len)", + * but that would allow for + * denial-of-service attacks if a + * C compiler is used that does not + * recognize end-recursion. */ } else { |