]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_ssl/lib/SSLRecordInternal.c
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-58286.20.16.tar.gz
[apple/security.git] / OSX / libsecurity_ssl / lib / SSLRecordInternal.c
diff --git a/OSX/libsecurity_ssl/lib/SSLRecordInternal.c b/OSX/libsecurity_ssl/lib/SSLRecordInternal.c
index 9b0008716022c6603b3823e602fe3f8d02044a54..8da7af2a113306fda4626ca0df71e486f17947a4 100644 (file)
--- a/OSX/libsecurity_ssl/lib/SSLRecordInternal.c
+++ b/OSX/libsecurity_ssl/lib/SSLRecordInternal.c
@@ -28,7 +28,6 @@
 #include "SSLRecordInternal.h"
 #include "sslDebug.h"
 #include "cipherSpecs.h"
 #include "SSLRecordInternal.h"
 #include "sslDebug.h"
 #include "cipherSpecs.h"
-#include "sslUtils.h"
 #include "tls_record_internal.h"
 
 #include <AssertMacros.h>
 #include "tls_record_internal.h"
 
 #include <AssertMacros.h>
@@ -136,6 +135,7 @@ static int SSLRecordReadInternal(SSLRecordContextRef ref, SSLRecord *rec)
     tls_record_parse_header(ctx->filter, header, &contentLen, &content_type);
 
     if(content_type&0x80) {
     tls_record_parse_header(ctx->filter, header, &contentLen, &content_type);
 
     if(content_type&0x80) {
+        sslDebugLog("Detected SSL2 record in SSLReadRecordInternal");
         // Looks like SSL2 record, reset expectations.
         head = 2;
         err=tls_record_parse_ssl2_header(ctx->filter, header, &contentLen, &content_type);
         // Looks like SSL2 record, reset expectations.
         head = 2;
         err=tls_record_parse_ssl2_header(ctx->filter, header, &contentLen, &content_type);
@@ -144,17 +144,23 @@ static int SSLRecordReadInternal(SSLRecordContextRef ref, SSLRecord *rec)
 
     check(ctx->partialReadBuffer.length>=head+contentLen);
 
 
     check(ctx->partialReadBuffer.length>=head+contentLen);
 
-    if(head+contentLen>ctx->partialReadBuffer.length)
+    if(head+contentLen>ctx->partialReadBuffer.length) {
+        sslDebugLog("overflow in SSLReadRecordInternal");
         return errSSLRecordRecordOverflow;
         return errSSLRecordRecordOverflow;
+    }
 
     if (ctx->amountRead < head + contentLen)
 
     if (ctx->amountRead < head + contentLen)
-    {   readData.length = head + contentLen - ctx->amountRead;
+    {
+        readData.length = head + contentLen - ctx->amountRead;
         readData.data = ctx->partialReadBuffer.data + ctx->amountRead;
         len = readData.length;
         err = sslIoRead(readData, &len, ctx);
         if(err != 0)
         readData.data = ctx->partialReadBuffer.data + ctx->amountRead;
         len = readData.length;
         err = sslIoRead(readData, &len, ctx);
         if(err != 0)
-        {   if (err == errSSLRecordWouldBlock)
-            ctx->amountRead += len;
+        {
+            if (err == errSSLRecordWouldBlock)
+            {
+                ctx->amountRead += len;
+            }
             return err;
         }
         ctx->amountRead += len;
             return err;
         }
         ctx->amountRead += len;
@@ -179,7 +185,7 @@ static int SSLRecordReadInternal(SSLRecordContextRef ref, SSLRecord *rec)
         /* There was an underflow - For TLS, we return errSSLRecordClosedAbort for historical reason - see ssl-44-crashes test */
         if(sz==0) {
             sslErrorLog("underflow in SSLReadRecordInternal");
         /* There was an underflow - For TLS, we return errSSLRecordClosedAbort for historical reason - see ssl-44-crashes test */
         if(sz==0) {
             sslErrorLog("underflow in SSLReadRecordInternal");
-            if(ctx->dtls) {
+            if(ctx->sslCtx->isDTLS) {
                 // For DTLS, we should just drop it.
                 return errSSLRecordUnexpectedRecord;
             } else {
                 // For DTLS, we should just drop it.
                 return errSSLRecordUnexpectedRecord;
             } else {
@@ -276,7 +282,7 @@ static int
 SSLSetInternalRecordLayerProtocolVersion(SSLRecordContextRef ref, SSLProtocolVersion negVersion)
 {
     struct SSLRecordInternalContext *ctx = ref;
 SSLSetInternalRecordLayerProtocolVersion(SSLRecordContextRef ref, SSLProtocolVersion negVersion)
 {
     struct SSLRecordInternalContext *ctx = ref;
-    return tls_record_set_protocol_version(ctx->filter, negVersion);
+    return tls_record_set_protocol_version(ctx->filter, (tls_protocol_version) negVersion);
 }
 
 static int
 }
 
 static int
@@ -317,10 +323,8 @@ SSLRecordSetOption(SSLRecordContextRef ref, SSLRecordOption option, bool value)
     switch (option) {
         case kSSLRecordOptionSendOneByteRecord:
             return tls_record_set_record_splitting(ctx->filter, value);
     switch (option) {
         case kSSLRecordOptionSendOneByteRecord:
             return tls_record_set_record_splitting(ctx->filter, value);
-            break;
         default:
             return 0;
         default:
             return 0;
-            break;
     }
 }
 
     }
 }
 
mirror of Security