Always return errors in ssl3_get_client_hello

If we successfully match a cookie don't set return value to 2 as this results in other error conditions returning 2 as well. Instead set return value to -2 which can be checked later if everything else is OK.

Always return errors in ssl3_get_client_hello
If we successfully match a cookie don't set return value to 2 as this results in other error conditions returning 2 as well. Instead set return value to -2 which can be checked later if everything else is OK.
c56f5b8e · Dr. Stephen Henson · c6913eeb · c56f5b8e
隐藏空白更改
内联并排

Showing with 4 addition and 4 deletion

ssl/s3_srvr.c ssl/s3_srvr.c +4 -4

未找到文件。
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1082,8 +1082,8 @@ int ssl3_get_client_hello(SSL *s)
 						SSL_R_COOKIE_MISMATCH);
 					goto f_err;
 				}
-
-			ret = 2;
+			/* Set to -2 so if successful we return 2 */
+			ret = -2;
 			}

 		p += cookie_len;
@@ -1461,7 +1461,7 @@ int ssl3_get_client_hello(SSL *s)
 			}
 		}

-	if (ret < 0) ret=1;
+	if (ret < 0) ret=-ret;
 	if (0)
 		{
 f_err:
@@ -1469,7 +1469,7 @@ f_err:
 		}
 err:
 	if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
-	return(ret);
+	return ret < 0 ? -1 : ret;
 	}

 int ssl3_send_server_hello(SSL *s)