Fix a compression bug

do_ssl3_write() was crashing when compression was enabled. We calculate the maximum length that a record will be after compression and reserve those bytes in the WPACKET. Unfortunately we were adding the maximum compression overhead onto the wrong variable resulting in a corrupted record. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2814)

Fix a compression bug
do_ssl3_write() was crashing when compression was enabled. We calculate the maximum length that a record will be after compression and reserve those bytes in the WPACKET. Unfortunately we were adding the maximum compression overhead onto the wrong variable resulting in a corrupted record. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2814)
f33f9dde · Matt Caswell · c19602b5 · f33f9dde
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/record/rec_layer_s3.c ssl/record/rec_layer_s3.c +1 -1

未找到文件。
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -791,7 +791,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,

        maxcomplen = pipelens[j];
        if (s->compress != NULL)
-            pipelens[j] += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+            maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;

        /* write the header */
        if (!WPACKET_put_bytes_u8(thispkt, rectype)