From cc019084b86bb1a225dba437d95c4f170a6625b5 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 9 Jun 2017 10:51:37 +0100
Subject: [PATCH] Ensure application data records are not kept when fully processed

This commit fixes the following case: If a client is both expecting a SERVER_HELLO and has an application data record that's partially processed in flight (that's the situation the client gets into after receiving a ServerHelloRequest followed by ApplicationData), a subsequent call to mbedtls_ssl_read will set keep_current_message = 1 when seeing the unexpected application data, but not reset it to 0 after the application data has been processed. This commit fixes this.
---
 library/ssl_tls.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dafef1f5b..bd2c27057 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6780,8 +6780,11 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
 ssl->in_msglen -= n;
 if( ssl->in_msglen == 0 )
+ {
 /* all bytes consumed */
 ssl->in_offt = NULL;
+ ssl->keep_current_message = 0;
+ }
 else
 /* more data available */
 ssl->in_offt += n;
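Review bot: The added `ssl->keep_current_message = 0;` in the `in_msglen == 0` branch has no comment saying why the flag is cleared here, so the reason exists only in the commit message. A short comment above it, such as `/* record fully consumed: it must not be kept as the current message for the next read */`, would keep that invariant visible next to the state it protects. The `if` arm is now braced while the `else` arm is still a bare comment plus one statement; bracing it as well (`else { /* more data available */ ssl->in_offt += n; }`) prevents a later added line from silently falling outside the branch. The diffstat shows only library/ssl_tls.c changed, so a regression test for the case in the description (application data arriving while a SERVER_HELLO is expected) would be worth adding. The body of mbedtls_ssl_read starts and ends outside this hunk.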