author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-09-25 12:27:48 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-09-25 12:27:48 +0200 |
commit | bd946640aabc900943f7859ab5348c65f156ae93 (patch) | |
tree | a66077282e35da935754b00da66455331479b4f5 | |
parent | c08e839ef40e14446c441a0fbf7da631d5dfed89 (diff) | |
download | gnutls-bd946640aabc900943f7859ab5348c65f156ae93.tar.gz |
restrict the number of non-fatal errors gnutls_handshake() can return
-rw-r--r-- | lib/gnutls_handshake.c | 4 | ||||
-rw-r--r-- | lib/gnutls_record.c | 6 | ||||
-rw-r--r-- | lib/gnutls_record.h | 5 |
3 files changed, 8 insertions, 7 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 4b8db0f947..b978b6a9bf 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2589,12 +2589,14 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
 #define IMED_RET( str, ret, allow_alert) do { \
 if (ret < 0) { \
 /* EAGAIN and INTERRUPTED are always non-fatal */ \
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_LARGE_PACKET) \
 return ret; \
 /* a warning alert might interrupt handshake */ \
 if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
 gnutls_assert(); \
 ERR( str, ret); \
+ if (gnutls_error_is_fatal(ret) == 0) ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); \
+ session_invalidate(session); \
 _gnutls_handshake_hash_buffers_clear(session); \
 return ret; \
 } } while (0)
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 9e2da9f2bc..a323d52bea 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -349,12 +349,6 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
 return 0;
 }
-inline static void session_invalidate(gnutls_session_t session)
-{
- session->internals.invalid_connection = 1;
-}
-
-
 inline static void session_unresumable(gnutls_session_t session)
 {
 session->internals.resumable = RESUME_FALSE;
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 12fcc9b362..10cdb4ebfe 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -73,4 +73,9 @@ inline static unsigned max_decrypted_size(gnutls_session_t session)
 return size;
 }
+inline static void session_invalidate(gnutls_session_t session)
+{
+ session->internals.invalid_connection = 1;
+}
+
 #endif |
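Review bot: The comment above the first test in IMED_RET still reads `/* EAGAIN and INTERRUPTED are always non-fatal */` although that test now also passes GNUTLS_E_LARGE_PACKET through, and the new `gnutls_error_is_fatal(ret) == 0` line carries no comment saying that every other non-fatal code is deliberately rewritten to GNUTLS_E_INTERNAL_ERROR and the session invalidated. I would extend the first comment to name GNUTLS_E_LARGE_PACKET and add `/* do not allow any other non-fatal error to escape the handshake */ \` above the new line, so the fail-closed intent is visible to whoever next edits the macro. Two things are worth confirming, since the macro's call sites lie outside the hunk: that no caller depends on another non-fatal code (for example GNUTLS_E_GOT_APPLICATION_DATA during a rehandshake) reaching the application unchanged, and that the codes still returned early cannot be triggered by the peer without bound, because those paths skip session_invalidate() and leave the handshake resumable.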