feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fix: async: don't rewind index if post-handshake connect() fails

Browse Source 
During post-handshake authentication async code mistakes connect() error code
with the error code of DoTls13CertificateRequest and wrongly rewinds the buffer.

The bug was never triggered because of side effects of ShrinkBuffer (removed in
40cb6e0853)
This commit is contained in:
Marco Oliverio
2022-07-21 10:51:15 +02:00
parent a4e3dc9638
commit a235de25fe
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/tls13.c
View File

@ -9473,6 +9473,14 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
break;
}
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_IO)
/* if async, offset index so this msg will be processed again */
/* NOTE: check this now before other calls can overwirte ret */
if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) {
*inOutIdx -= HANDSHAKE_HEADER_SZ;
}
#endif
/* reset error */
if (ret == 0 && ssl->error == WC_PENDING_E)
ssl->error = 0;
@ -9593,13 +9601,6 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* NO_WOLFSSL_SERVER */
}
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_IO)
/* if async, offset index so this msg will be processed again */
if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) {
*inOutIdx -= HANDSHAKE_HEADER_SZ;
}
#endif
WOLFSSL_LEAVE("DoTls13HandShakeMsgType()", ret);
return ret;
}