author | Wan-Teh Chang <wtc@google.com> | 2015-05-07 14:18:30 -0700 |
---|---|---|
committer | Wan-Teh Chang <wtc@google.com> | 2015-05-07 14:18:30 -0700 |
commit | 96e624ab53b1b6d549a95e5bdaf2637c8e9f41fb (patch) | |
tree | c21f113ea5ec310c5d684a814c1d5e97df23293a | |
parent | 4c141ab35d10a55bb353ac2ff9d224f442891d95 (diff) | |
download | nss-hg-96e624ab53b1b6d549a95e5bdaf2637c8e9f41fb.tar.gz |
Bug 1162644: Call PORT_SetError after calling SSL3_SendAlert.
r=martin.thomson.
-rw-r--r-- | lib/ssl/ssl3ext.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index 28d21c4b1..74f5667a6 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -625,8 +625,8 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 rv = ssl3_ValidateNextProtoNego(data->data, data->len);
 if (rv != SECSuccess) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 return rv;
 }
@@ -653,8 +653,8 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
 /* The callback might say OK, but then it picks a default value - one
 * that was not listed. That's OK for NPN, but not ALPN. */
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
 (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
 return SECFailure;
 }
@@ -673,8 +673,8 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 * despite it being permitted by the spec. */
 if (ss->firstHsDone || data->len == 0) {
 /* Clients MUST send a non-empty ALPN extension. */
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 return SECFailure;
 }
@@ -701,8 +701,8 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 rv = ssl3_RegisterServerHelloExtensionSender(
 ss, ex_type, ssl3_ServerSendAppProtoXtn);
 if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 return rv;
 }
 }
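Review bot: Nothing at these call sites says why PORT_SetError has to come after SSL3_SendAlert, so the ordering established in ssl3_SelectAppProtocol and in every other hunk of this file is easy to undo in a later cleanup. Presumably SSL3_SendAlert can change the thread's error code, for example when the send itself fails; that is not visible in the diff. A one-line comment at the first site, such as `/* SSL3_SendAlert may overwrite the error code; set ours last. */`, or a small static helper that sends the alert and then sets the error, would keep the invariant in one place instead of fourteen. The function bodies continue outside the hunks.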
@@ -722,8 +722,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
 * we've negotiated NPN then we're required to send the NPN handshake
 * message. Thus, these two extensions cannot both be negotiated on the
 * same connection. */
- PORT_SetError(SSL_ERROR_BAD_SERVER);
 (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+ PORT_SetError(SSL_ERROR_BAD_SERVER);
 return SECFailure;
 }
@@ -733,8 +733,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
 * we sent the ClientHello and now. */
 if (!ss->nextProtoCallback) {
 PORT_Assert(0);
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
 (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
 return SECFailure;
 }
@@ -758,16 +758,16 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 * uint8 len; // where len >= 1
 * uint8 protocol_name[len]; */
 if (data->len < 4 || data->len > 2 + 1 + 255) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 return SECFailure;
 }
 list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
 /* The list has to be the entire extension. */
 if (list_len != data->len) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 return SECFailure;
 }
@@ -775,8 +775,8 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 &data->data, &data->len);
 /* The list must have exactly one value. */
 if (rv != SECSuccess || data->len != 0) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 return SECFailure;
 }
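Review bot: The last check in ssl3_ClientHandleAppProtoXtn, `if (rv != SECSuccess || data->len != 0)`, sends decode_error both when the preceding consume call fails and when trailing data is left over. If that helper already reports its own failure with an alert and an error code (its body is not in this diff, so this needs confirming), the `rv != SECSuccess` path sends a second fatal alert and replaces the helper's error. Handling the two cases separately, `if (rv != SECSuccess) return SECFailure;` followed by the `data->len != 0` check, would avoid that. The same question applies to `list_len` from ssl3_ConsumeHandshakeNumber in the 758 hunk: if a negative return signals failure, test it explicitly rather than relying on `list_len != data->len`. The function body continues outside both hunks.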
@@ -2063,8 +2063,8 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 }
 if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, data->data + 1, len)) {
- PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
 (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+ PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
 return SECFailure;
 }
 /* remember that we got this extension and it was correct. */
@@ -2188,8 +2188,8 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
 }
 if (!found) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
 (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
 return SECFailure;
 }
@@ -2202,8 +2202,8 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
 /* We didn't offer an MKI, so this must be 0 length */
 if (litem.len != 0) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
 (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
 return SECFailure;
 }
@@ -2313,8 +2313,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
 }
 /* Trailing data, empty value, or odd-length value is invalid. */
 if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
 (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
 return SECFailure;
 }
@@ -2328,8 +2328,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
 ss->ssl3.hs.clientSigAndHash = PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
 if (!ss->ssl3.hs.clientSigAndHash) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
 (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
 return SECFailure;
 }
 ss->ssl3.hs.numClientSigAndHash = 0; |
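Review bot: The allocation-failure branch in ssl3_ServerHandleSigAlgsXtn (`if (!ss->ssl3.hs.clientSigAndHash)`, the 2328 hunk) still reports SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, although the alert sent is internal_error and nothing in the client hello was malformed. With the error now set after the alert, this is the code the caller sees, so a memory-exhaustion failure is recorded as a peer protocol violation. `PORT_SetError(SEC_ERROR_NO_MEMORY);` would match the alert. If PORT_NewArray already sets that code on failure (not visible here), it would still have to be set again after SSL3_SendAlert, for the same reason as at the other sites. The function body continues outside the hunk.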