From d2989d9f434918a1e0fdbe4e27a3efc364f86c0b Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 16 Nov 2018 10:53:01 -0800
Subject: [PATCH] Sniffer Fix Drop a handshake message if it is split across TLS records. The likely messages dropped are certificate and certificate request, which are ignored by the sniffer.
---
 src/sniffer.c | 8 +++++---
 wolfssl/sniffer_error.h | 1 +
 wolfssl/sniffer_error.rc | 1 +
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index 96c633fe5..462946030 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -245,7 +245,8 @@ static const char* const msgTable[] =
 /* 81 */
 "Bad Decrypt Size",
- "Extended Master Secret Hash Error"
+ "Extended Master Secret Hash Error",
+ "Handshake Message Split Across TLS Records"
 };
@@ -2060,8 +2061,9 @@ static int DoHandShake(const byte* input, int* sslBytes,
 startBytes = *sslBytes;
 if (*sslBytes < size) {
- SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
- return -1;
+ Trace(SPLIT_HANDSHAKE_MSG_STR);
+ *sslBytes = 0;
+ return ret;
 }
 /* A session's arrays are released when the handshake is completed. */
diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h
index 8c813b198..0af7079a1 100644
--- a/wolfssl/sniffer_error.h
+++ b/wolfssl/sniffer_error.h
@@ -118,6 +118,7 @@
 #define BAD_DECRYPT_SIZE 81
 #define EXTENDED_MASTER_HASH_STR 82
+#define SPLIT_HANDSHAKE_MSG_STR 83
 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
diff --git a/wolfssl/sniffer_error.rc b/wolfssl/sniffer_error.rc
index 947be6119..735e3184a 100644
--- a/wolfssl/sniffer_error.rc
+++ b/wolfssl/sniffer_error.rc
@@ -99,5 +99,6 @@ STRINGTABLE
 81, "Bad Decrypt Size"
 82, "Extended Master Secret Hash Error"
+ 83, "Handshake Message Split Across TLS Records"
 }
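Review bot: The new `*sslBytes < size` branch in DoHandShake (src/sniffer.c, second hunk) discards a split handshake message whatever its type, while the commit message only argues this is safe for certificate and certificate request. If a message the sniffer depends on for key derivation is fragmented across records, the session would go undecoded with nothing recorded but a `Trace` line, and the continuation bytes in the next record would presumably be parsed as a fresh handshake header, since no pending length is stored here. Consider keeping the old `SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); return -1;` path for message types the sniffer actually processes, and add a comment such as `/* split message is dropped, not reassembled; only safe for types the sniffer ignores */`. `return ret;` also relies on `ret` still holding its initial value, which is set outside this hunk; `return 0;` would make the intent explicit.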