From 86ebc48032d305775580c1d17bfdb84c64f0fa0a Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 26 Mar 2014 13:16:43 -0700
Subject: [PATCH] fix for item 7 report by Ivan Fratric of the Google Security
 Team

---
 src/internal.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index a3c5fd389..182697ac4 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4927,6 +4927,11 @@ int ProcessReply(CYASSL* ssl)
         atomicUser = 1;
 #endif
 
+    if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE){
+        CYASSL_MSG("ProcessReply retry in error state, not allowed");
+        return ssl->error;
+    }
+
     for (;;) {
         switch (ssl->options.processReply) {
 
@@ -5956,6 +5961,11 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
     if (ssl->error == WANT_READ)
         ssl->error = 0;
 
+    if (ssl->error != 0 && ssl->error != WANT_WRITE) {
+        CYASSL_MSG("User calling CyaSSL_read in error state, not allowed");
+        return ssl->error;
+    }
+
     if (ssl->options.handShakeState != HANDSHAKE_DONE) {
         int err;
         CYASSL_MSG("Handshake not complete, trying to finish");