There is only one read buffer

Pipelining introduced the concept of multiple records being read in one go. Therefore we work with an array of SSL3_RECORD objects. The pipelining change erroneously made a change in ssl3_get_record() to apply the current record offset to the SSL3_BUFFER we are using for reading. This is wrong - there is only ever one read buffer. This reverts that change. In practice this should make little difference because the code block in question is only ever used when we are processing a single record. Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>

There is only one read buffer
Pipelining introduced the concept of multiple records being read in one go. Therefore we work with an array of SSL3_RECORD objects. The pipelining change erroneously made a change in ssl3_get_record() to apply the current record offset to the SSL3_BUFFER we are using for reading. This is wrong - there is only ever one read buffer. This reverts that change. In practice this should make little difference because the code block in question is only ever used when we are processing a single record. Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>
6da57392 · Matt Caswell · 5507b961 · 6da57392
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/record/ssl3_record.c ssl/record/ssl3_record.c +1 -1

未找到文件。
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -276,7 +276,7 @@ int ssl3_get_record(SSL *s)

                rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1];

-                if (rr[num_recs].length > SSL3_BUFFER_get_len(&rbuf[num_recs])
+                if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf)
                                 - SSL2_RT_HEADER_LENGTH) {
                    al = SSL_AD_RECORD_OVERFLOW;
                    SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);