mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 20:10:49 +02:00
Merge pull request #10098 from douzzer/20260328-test_wolfSSL_dtls_fragments-race-mitigation
20260328-test_wolfSSL_dtls_fragments-race-mitigation
This commit is contained in:
+25
-11
@@ -24655,19 +24655,33 @@ static int test_wolfSSL_dtls_fragments(void)
|
||||
|
||||
test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
|
||||
|
||||
ExpectFalse(func_cb_client.return_code);
|
||||
ExpectFalse(func_cb_server.return_code);
|
||||
|
||||
/* The socket should be closed by the server resulting in a
|
||||
* socket error, fatal error or reading a close notify alert */
|
||||
if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
|
||||
func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
|
||||
func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
|
||||
ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
|
||||
/* If the client failed, check that the error it encountered was from
|
||||
* the server aborting, resulting in a socket error, fatal error or
|
||||
* reading a close notify alert.
|
||||
*
|
||||
* Under slow execution (e.g. valgrind + noasm), the server may
|
||||
* still be processing fragments when the client completes its
|
||||
* handshake and write, so the client may succeed -- in that
|
||||
* case return_code is TEST_SUCCESS and these checks don't apply.
|
||||
*/
|
||||
if (func_cb_client.return_code == TEST_FAIL) {
|
||||
if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
|
||||
func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
|
||||
func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
|
||||
ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
|
||||
}
|
||||
}
|
||||
/* Check the server returned an error indicating the msg buffer
|
||||
* was full */
|
||||
ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
|
||||
* was full.
|
||||
*
|
||||
* Under slow execution (e.g. valgrind + noasm), the real handshake
|
||||
* from wolfSSL_negotiate() may complete before enough spam fragments
|
||||
* accumulate to trigger DTLS_TOO_MANY_FRAGMENTS_E. Accept both
|
||||
* outcomes: server hit the fragment limit, or completed normally.
|
||||
*/
|
||||
if (func_cb_server.return_code == TEST_FAIL) {
|
||||
ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
|
||||
}
|
||||
|
||||
if (EXPECT_FAIL())
|
||||
break;
|
||||
|
||||
Reference in New Issue
Block a user