author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-09-26 09:01:15 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-09-26 09:08:36 +0200 |
commit | 1b29f285a4ec611d3fa85655b257acd99d83cc15 (patch) | |
tree | 305d8e0129da149dcdb2da28391be744ca31d1ee | |
parent | a90fd3606147a96b305d074115e8303f5043ead1 (diff) | |
download | gnutls-1b29f285a4ec611d3fa85655b257acd99d83cc15.tar.gz |
do not allow GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions
Conflicts:
lib/gnutls_handshake.c
-rw-r--r-- | lib/gnutls_buffers.c | 15 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 14 |
2 files changed, 19 insertions, 10 deletions
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index e685a8e899..1df5ea0911 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -179,7 +179,7 @@ inline static int get_errno(gnutls_session_t session) } inline static -int errno_to_gerr(int err) +int errno_to_gerr(int err, unsigned dtls) { switch (err) { case EAGAIN: @@ -187,7 +187,10 @@ int errno_to_gerr(int err) case EINTR: return GNUTLS_E_INTERRUPTED; case EMSGSIZE: - return GNUTLS_E_LARGE_PACKET; + if (dtls != 0) + return GNUTLS_E_LARGE_PACKET; + else + return GNUTLS_E_PUSH_ERROR; default: gnutls_assert(); return GNUTLS_E_PUSH_ERROR; @@ -234,7 +237,7 @@ _gnutls_dgram_read(gnutls_session_t session, mbuffer_st ** bufel, ("READ: %d returned from %p, errno=%d gerrno=%d\n", (int) i, fd, errno, session->internals.errnum); - ret = errno_to_gerr(err); + ret = errno_to_gerr(err, 1); goto cleanup; } else { _gnutls_read_log("READ: Got %d bytes from %p\n", (int) i, @@ -327,7 +330,7 @@ _gnutls_stream_read(gnutls_session_t session, mbuffer_st ** bufel, goto finish; } - ret = errno_to_gerr(err); + ret = errno_to_gerr(err, 0); goto cleanup; } else { gnutls_assert(); @@ -441,7 +444,7 @@ _gnutls_writev(gnutls_session_t session, const giovec_t * giovec, int err = get_errno(session); _gnutls_debug_log("errno: %d\n", err); - return errno_to_gerr(err); + return errno_to_gerr(err, IS_DTLS(session)); } return i; } @@ -684,7 +687,7 @@ int _gnutls_io_check_recv(gnutls_session_t session, unsigned int ms) _gnutls_read_log ("READ_TIMEOUT: %d returned from %p, errno=%d (timeout: %u)\n", (int) ret, fd, err, ms); - return errno_to_gerr(err); + return errno_to_gerr(err, IS_DTLS(session)); } if (ret > 0) diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 47dc92bb24..3e27c53826 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c 
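Review bot: The new non-DTLS branch under `case EMSGSIZE:` in errno_to_gerr() returns GNUTLS_E_PUSH_ERROR without the `gnutls_assert()` that the `default:` branch issues before returning the same code, so this one transport failure is presumably missing from the debug trace. Dropping the `else` and falling through keeps the two paths identical: `if (dtls != 0) return GNUTLS_E_LARGE_PACKET;` followed by `/* fall through */` into `default:`. The new `dtls` parameter also deserves a short comment, e.g. `/* dtls: non-zero for datagram sessions; only then is EMSGSIZE reported as the non-fatal GNUTLS_E_LARGE_PACKET */`.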
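Review bot: `errno_to_gerr(err, 1)` in _gnutls_dgram_read() and `errno_to_gerr(err, 0)` in _gnutls_stream_read() hard-code the transport type, while the _gnutls_writev() and _gnutls_io_check_recv() call sites in the same commit pass `IS_DTLS(session)`. The literals are correct only as long as each reader is reached solely for its own transport, which is not visible in these hunks; if _gnutls_dgram_read() were ever reached for a stream session, EMSGSIZE would again surface as the non-fatal GNUTLS_E_LARGE_PACKET. Writing `ret = errno_to_gerr(err, IS_DTLS(session));` at both sites removes that assumption. Both functions start and end outside their hunks.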
@@ -2481,11 +2481,17 @@ static int _gnutls_recv_supplemental(gnutls_session_t session)
 * has asked to resume a session, but the server couldn't, then a
 * full handshake will be performed.
 *
- * The non-fatal errors such as %GNUTLS_E_AGAIN and
- * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which
- * should be resumed later. Call this function again, until it
+ * The non-fatal errors expected by this function are:
+ * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN,
+ * and %GNUTLS_E_WARNING_ALERT_RECEIVED.
+ * The former two interrupt the handshake procedure due to the lower
+ * layer being interrupted, and the latter because of an alert that
+ * may be sent by a server (it is always a good idea to check any
+ * received alerts). On these errors call this function again, until it
 * returns 0; cf. gnutls_record_get_direction() and
- * gnutls_error_is_fatal().
+ * gnutls_error_is_fatal(). In DTLS sessions the non-fatal error
+ * %GNUTLS_E_LARGE_PACKET is also possible, and indicates that
+ * the MTU should be adjusted.
 *
 * If this function is called by a server after a rehandshake request
 * then %GNUTLS_E_GOT_APPLICATION_DATA or |
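Review bot: The added sentence on %GNUTLS_E_LARGE_PACKET stops at "the MTU should be adjusted" and, unlike the preceding sentence for the other three codes, does not say what the caller does afterwards. An application that simply retries on every error for which gnutls_error_is_fatal() is false would presumably hit the same oversized datagram again, so the text should name the remedy, for example `the MTU should be adjusted (see gnutls_dtls_set_mtu()) before this function is called again`. The comment block starts and ends outside the hunk, and the retry semantics should be confirmed against the DTLS handshake code before the wording is adopted.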