Merge pull request #5147 from rizlik/do_alert_reset

internal.c:reset input/processReply state if exiting after DoAlert()
2022-05-19 09:36:44 +10:00
parent b53484be10 be172af3cd
commit cd41c8beaf
1 changed files with 9 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -17397,6 +17397,10 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)

        /* the record layer is here */
        case runProcessingOneMessage:
+            /* can't process a message if we have no data.  */
+            if (ssl->buffers.inputBuffer.idx
+                >= ssl->buffers.inputBuffer.length)
+                return BUFFER_ERROR;

       #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
            if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) {
@@ -17709,8 +17713,12 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                        return ret;

                    /* catch warnings that are handled as errors */
-                    if (type == close_notify)
+                    if (type == close_notify) {
+                        ssl->buffers.inputBuffer.idx =
+                            ssl->buffers.inputBuffer.length;
+                        ssl->options.processReply = doProcessInit;
                        return ssl->error = ZERO_RETURN;
+                    }

                    if (type == decrypt_error)
                        return FATAL_ERROR;