diff options
author | nelsonb%netscape.com <devnull@localhost> | 2000-12-02 01:01:15 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2000-12-02 01:01:15 +0000 |
commit | 568990070781ef13b80c2e3fffce2f84904c1e24 (patch) | |
tree | 13e65af2c7746054a0fc1da7bc0e6d3f86b4c9e8 | |
parent | 1262c956cdd4aa641cca1c7e5c0dbaa73d4bfa61 (diff) | |
download | nss-hg-568990070781ef13b80c2e3fffce2f84904c1e24.tar.gz |
In ssl3_GatherData, the value of gs->inbuf.len was incorrect during the
GS_HEADER state. It should be correct in all states.
In ssl_DestroyGather, prior to freeing the buffers, the code zeroed out
the ciphertext buffer. It now zeros out the plaintext buffer instead.
Fixes bug 61784.
-rw-r--r-- | security/nss/lib/ssl/ssl3gthr.c | 4 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslgathr.c | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/security/nss/lib/ssl/ssl3gthr.c b/security/nss/lib/ssl/ssl3gthr.c index 909850e94..2937e6c3c 100644 --- a/security/nss/lib/ssl/ssl3gthr.c +++ b/security/nss/lib/ssl/ssl3gthr.c @@ -76,6 +76,7 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) gs->offset = 0; gs->writeOffset = 0; gs->readOffset = 0; + gs->inbuf.len = 0; } lbp = gs->inbuf.buf; @@ -108,8 +109,9 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) } gs->offset += nb; - gs->inbuf.len += nb; gs->remainder -= nb; + if (gs->state == GS_DATA) + gs->inbuf.len += nb; /* if there's more to go, read some more. */ if (gs->remainder > 0) { diff --git a/security/nss/lib/ssl/sslgathr.c b/security/nss/lib/ssl/sslgathr.c index 737a55c9b..e9176172f 100644 --- a/security/nss/lib/ssl/sslgathr.c +++ b/security/nss/lib/ssl/sslgathr.c @@ -436,11 +436,9 @@ ssl_NewGather(void) void ssl_DestroyGather(sslGather *gs) { - if (gs->inbuf.buf != NULL) { - PORT_ZFree(gs->inbuf.buf, gs->inbuf.len); - } - if (gs) { - PORT_Free(gs->buf.buf); + if (gs) { /* the PORT_*Free functions check for NULL pointers. */ + PORT_ZFree(gs->buf.buf, gs->buf.space); + PORT_Free(gs->inbuf.buf); PORT_Free(gs); } } |