From 778ac3e976e281b000c75112e6850b1dff1a0621 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 26 Feb 2019 17:38:39 +0000
Subject: Correct return values for non-fatal alerts. In the close notify case we need to signal EOF and in the user cancelled case we need to return WANT_POLLIN. Returning success results in tls13_record_layer_read_record() thinking that we have record data when we do not, which then results in the content type check later failing. ok tb@
---
 src/lib/libssl/tls13_record_layer.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/lib/libssl')
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index d4bc50ab4e..71ce4a81ae 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.7 2019/02/25 16:52:34 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.8 2019/02/26 17:38:39 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -221,10 +221,10 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
 */
 if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
 rl->read_closed = 1;
- ret = TLS13_IO_SUCCESS;
+ ret = TLS13_IO_EOF;
 } else if (alert_desc == SSL_AD_USER_CANCELLED) {
 /* Ignored at the record layer. */
- ret = TLS13_IO_SUCCESS;
+ ret = TLS13_IO_WANT_POLLIN;
 } else if (alert_level == SSL3_AL_FATAL) {
 rl->read_closed = 1;
 rl->write_closed = 1;
--
cgit v1.2.3-55-g6feb
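Review bot: In the SSL_AD_USER_CANCELLED branch of the second hunk, `TLS13_IO_WANT_POLLIN` asks the caller to wait for the socket to become readable, but the comment above it still says only that the alert is ignored and does not explain why a poll request is the right signal. If the next record can already be sitting in the record layer's buffer (not visible here), waiting on the socket could stall the read, so that assumption should be confirmed or documented, e.g. `/* Ignored at the record layer; no record data is returned, the caller must read the next record. */`. The hunk also shows no bound on how many consecutive ignored alerts a peer may send, which is worth checking in the caller because an unbounded run lets a peer hold the connection open without making progress. tls13_record_layer_process_alert() starts and ends outside the hunk, so the alert parsing and the remaining branches were not reviewed.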