From 00b0b7c7b9a016dec85b4344c57d08c4019c8f06 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 25 Feb 2019 16:52:34 +0000 Subject: Correctly handle oversize writes. If the record layer is asked to write more than fits in a plaintext record, cap the amount at that limit. This means that we will effectively write out a single record and return a short-write. This behaviour matches SSL_write() with SSL_MODE_ENABLE_PARTIAL_WRITE enabled and the non-SSL_MODE_ENABLE_PARTIAL_WRITE case will be handled at a higher layer. ok inoguchi@ tb@ --- src/lib/libssl/tls13_record_layer.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 07efcbc702..d4bc50ab4e 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.6 2019/02/23 15:02:34 jsing Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.7 2019/02/25 16:52:34 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -760,7 +760,9 @@ static ssize_t tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type, const uint8_t *buf, size_t n) { - /* XXX - handle fragmenting... */ + if (n > TLS13_RECORD_MAX_PLAINTEXT_LEN) + n = TLS13_RECORD_MAX_PLAINTEXT_LEN; + return tls13_record_layer_write_record(rl, content_type, buf, n); } -- cgit v1.2.3-55-g6feb