X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_ssl/lib/SSLRecordInternal.c
diff --git a/OSX/libsecurity_ssl/lib/SSLRecordInternal.c b/OSX/libsecurity_ssl/lib/SSLRecordInternal.c
index 9b000871..8da7af2a 100644
--- a/OSX/libsecurity_ssl/lib/SSLRecordInternal.c
+++ b/OSX/libsecurity_ssl/lib/SSLRecordInternal.c
@@ -28,7 +28,6 @@
 #include "SSLRecordInternal.h"
 #include "sslDebug.h"
 #include "cipherSpecs.h"
-#include "sslUtils.h"
 #include "tls_record_internal.h"
 #include
@@ -136,6 +135,7 @@ static int SSLRecordReadInternal(SSLRecordContextRef ref, SSLRecord *rec)
 tls_record_parse_header(ctx->filter, header, &contentLen, &content_type);
 if(content_type&0x80) {
+ sslDebugLog("Detected SSL2 record in SSLReadRecordInternal");
 // Looks like SSL2 record, reset expectations.
 head = 2;
 err=tls_record_parse_ssl2_header(ctx->filter, header, &contentLen, &content_type);
@@ -144,17 +144,23 @@ static int SSLRecordReadInternal(SSLRecordContextRef ref, SSLRecord *rec)
 check(ctx->partialReadBuffer.length>=head+contentLen);
- if(head+contentLen>ctx->partialReadBuffer.length)
+ if(head+contentLen>ctx->partialReadBuffer.length) {
+ sslDebugLog("overflow in SSLReadRecordInternal");
 return errSSLRecordRecordOverflow;
+ }
 if (ctx->amountRead < head + contentLen)
- { readData.length = head + contentLen - ctx->amountRead;
+ {
+ readData.length = head + contentLen - ctx->amountRead;
 readData.data = ctx->partialReadBuffer.data + ctx->amountRead;
 len = readData.length;
 err = sslIoRead(readData, &len, ctx);
 if(err != 0)
- { if (err == errSSLRecordWouldBlock)
- ctx->amountRead += len;
+ {
+ if (err == errSSLRecordWouldBlock)
+ {
+ ctx->amountRead += len;
+ }
 return err;
 }
 ctx->amountRead += len;
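Review bot: The new overflow branch in the `@@ -144,17 +144,23 @@` hunk reports through `sslDebugLog`, while the underflow branch of the same function uses `sslErrorLog`. The declared record length comes from header bytes the peer controls, so a length that exceeds `partialReadBuffer` is the case most worth keeping visible; whether `sslDebugLog` is compiled out of release builds is not visible here, so treat this as something to confirm. Both added messages (this one and the SSL2 one in the `@@ -136,6 +135,7 @@` hunk) also name `SSLReadRecordInternal`, although the hunk headers show the function is `SSLRecordReadInternal`, which makes log searches by function name miss them. I would write `sslErrorLog("overflow in SSLRecordReadInternal");` and correct the name in the SSL2 message the same way. The function body starts and ends outside these hunks.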
@@ -179,7 +185,7 @@ static int SSLRecordReadInternal(SSLRecordContextRef ref, SSLRecord *rec)
 /* There was an underflow - For TLS, we return errSSLRecordClosedAbort for historical reason - see ssl-44-crashes test */
 if(sz==0) {
 sslErrorLog("underflow in SSLReadRecordInternal");
- if(ctx->dtls) {
+ if(ctx->sslCtx->isDTLS) {
 // For DTLS, we should just drop it.
 return errSSLRecordUnexpectedRecord;
 } else {
@@ -276,7 +282,7 @@ static int
 SSLSetInternalRecordLayerProtocolVersion(SSLRecordContextRef ref, SSLProtocolVersion negVersion)
 {
 struct SSLRecordInternalContext *ctx = ref;
- return tls_record_set_protocol_version(ctx->filter, negVersion);
+ return tls_record_set_protocol_version(ctx->filter, (tls_protocol_version) negVersion);
 }
 static int
@@ -317,10 +323,8 @@ SSLRecordSetOption(SSLRecordContextRef ref, SSLRecordOption option, bool value)
 switch (option) {
 case kSSLRecordOptionSendOneByteRecord:
 return tls_record_set_record_splitting(ctx->filter, value);
- break;
 default:
 return 0;
- break;
 }
 }
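Review bot: In the `@@ -179,7 +185,7 @@` hunk, `ctx->sslCtx->isDTLS` adds a pointer dereference to the zero-length-record path that the old `ctx->dtls` did not need, and nothing visible in the hunk establishes that `ctx->sslCtx` is non-NULL whenever a record is read. This branch is reached from peer-supplied data (`sz==0`), so if the record context can exist before it is bound to an SSL context, the lookup becomes a NULL dereference on the read path. If the binding is guaranteed when the record context is created, a comment at the use would record that, for example `/* ctx->sslCtx is set at creation and is never NULL here */`; otherwise a guard before the test is needed. The enclosing function starts and ends outside the hunk, so the invariant may be enforced elsewhere.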
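Review bot: The `(tls_protocol_version)` cast in `SSLSetInternalRecordLayerProtocolVersion` (hunk `@@ -276,7 +282,7 @@`) silences the enum-conversion warning, but it also hides any later divergence between the two types, and nothing on this page shows that `SSLProtocolVersion` and `tls_protocol_version` are defined to share numeric values. A mismatch would be silent and would leave the record layer working with a different protocol version than the handshake negotiated. I would state the assumption at the cast, for example `/* SSLProtocolVersion and tls_protocol_version must use identical numeric values */`. Backing it with a `_Static_assert` on a representative pair next to the type definitions would make a divergence fail the build.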