Mark a HelloRequest record as read if we ignore it

Otherwise the client will try to process it again. The second time around it will try and move the record data into handshake fragment storage and realise that there is no data left. At that point it marks it as read anyway. However, it is a bug that we go around the loop a second time, so we prevent that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2200)
author: Matt Caswell <matt@openssl.org> 2017-01-09 17:29:44 +0000
committer: Matt Caswell <matt@openssl.org> 2017-01-10 12:30:15 +0000
commit: 290a0419f0c13a30fb3a1d1a279125c8aeafd17e (patch)
tree: f82b02e4579b0f09150f55af9783acca667eaf60 /ssl
parent: f61c5ca6ca183bf0a51651857e3efb02a98889ad (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 93b7d05b8d..486da643d9 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1430,7 +1430,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                         return -1;
                     }
                 }
+            } else {
+                SSL3_RECORD_set_read(rr);
             }
+        } else {
+            /* Does this ever happen? */
+            SSL3_RECORD_set_read(rr);
         }
         /*
          * we either finished a handshake or ignored the request, now try
author	Matt Caswell <matt@openssl.org>	2017-01-09 17:29:44 +0000
committer	Matt Caswell <matt@openssl.org>	2017-01-10 12:30:15 +0000
commit	290a0419f0c13a30fb3a1d1a279125c8aeafd17e (patch)
tree	f82b02e4579b0f09150f55af9783acca667eaf60 /ssl
parent	f61c5ca6ca183bf0a51651857e3efb02a98889ad (diff)