In ssl3_read_bytes(), do not process more than three consecutive TLS - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2016-11-03 16:23:30 +0000
committer	jsing <>	2016-11-03 16:23:30 +0000
commit	9d4284f9206ceea590d46d0b43de9c223d7f96e0 (patch)
tree	5b346c507a4dc36d5e4f9c2abc2489a74b5f199e /src/lib/libtls/tls_init.3
parent	760bbc38fb54be3344613dbed73ffe8678c1fc51 (diff)
download	openbsd-9d4284f9206ceea590d46d0b43de9c223d7f96e0.tar.gz openbsd-9d4284f9206ceea590d46d0b43de9c223d7f96e0.tar.bz2 openbsd-9d4284f9206ceea590d46d0b43de9c223d7f96e0.zip

In ssl3_read_bytes(), do not process more than three consecutive TLS

records, otherwise a peer can potentially cause us to loop indefinately. Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose when they want to handle further processing for this connection. ok beck@ miod@

Diffstat (limited to 'src/lib/libtls/tls_init.3')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: