X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_pkt.c;h=9ab76604a64534192a45569a6f90257487b2135a;hb=9a22ce66c94294ee56d99870a47022ae0e067203;hp=a407c9d741d7672d1e01b5ffa9aa608e3ab231d0;hpb=b08b07b8ae6c216390727ee6b39afc79c6589973;p=oweals%2Fopenssl.git

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index a407c9d741..9ab76604a6 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -704,7 +704,7 @@ static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
  *     Application data protocol
  *             none of our business
  */
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 	{
 	int al,i,j,ret;
 	unsigned int n;
@@ -715,7 +715,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
 		if (!ssl3_setup_buffers(s))
 			return(-1);
 
-	if ((type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type)
+	if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
+	    (peek && (type != SSL3_RT_APPLICATION_DATA)))
 		{
 		SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR);
 		return -1;
@@ -726,7 +727,9 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
 		{
 		unsigned char *src = s->s3->handshake_fragment;
 		unsigned char *dst = buf;
+		unsigned int k;
 
+		/* peek == 0 */
 		n = 0;
 		while ((len > 0) && (s->s3->handshake_fragment_len > 0))
 			{
@@ -735,8 +738,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
 			n++;
 			}
 		/* move any remaining fragment bytes: */
-		for (i = 0; i < s->s3->handshake_fragment_len; i++)
-			s->s3->handshake_fragment[i] = *src++;
+		for (k = 0; k < s->s3->handshake_fragment_len; k++)
+			s->s3->handshake_fragment[k] = *src++;
 		return n;
 	}
 
@@ -762,7 +765,7 @@ start:
 	 * s->s3->rrec.length,  - number of bytes. */
 	rr = &(s->s3->rrec);
 
-	/* get new packet */
+	/* get new packet if necessary */
 	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
 		{
 		ret=ssl3_get_record(s);
@@ -780,7 +783,8 @@ start:
 		goto err;
 		}
 
-	/* If the other end has shutdown, throw anything we read away */
+	/* If the other end has shut down, throw anything we read away
+	 * (even in 'peek' mode) */
 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
 		{
 		rr->length=0;
@@ -809,12 +813,15 @@ start:
 			n = (unsigned int)len;
 
 		memcpy(buf,&(rr->data[rr->off]),n);
-		rr->length-=n;
-		rr->off+=n;
-		if (rr->length == 0)
+		if (!peek)
 			{
-			s->rstate=SSL_ST_READ_HEADER;
-			rr->off=0;
+			rr->length-=n;
+			rr->off+=n;
+			if (rr->length == 0)
+				{
+				s->rstate=SSL_ST_READ_HEADER;
+				rr->off=0;
+				}
 			}
 		return(n);
 		}
@@ -898,19 +905,21 @@ start:
 					return(-1);
 					}
 
-				if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+				if (!(s->mode & SSL_MODE_AUTO_RETRY))
 					{
-					BIO *bio;
-					/* In the case where we try to read application data
-					 * the first time, but we trigger an SSL handshake, we
-					 * return -1 with the retry option set.  I do this
-					 * otherwise renegotiation can cause nasty problems 
-					 * in the blocking world */ /* ? */
-					s->rwstate=SSL_READING;
-					bio=SSL_get_rbio(s);
-					BIO_clear_retry_flags(bio);
-					BIO_set_retry_read(bio);
-					return(-1);
+					if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+						{
+						BIO *bio;
+						/* In the case where we try to read application data,
+						 * but we trigger an SSL handshake, we return -1 with
+						 * the retry option set.  Otherwise renegotiation may
+						 * cause nasty problems in the blocking world */
+						s->rwstate=SSL_READING;
+						bio=SSL_get_rbio(s);
+						BIO_clear_retry_flags(bio);
+						BIO_set_retry_read(bio);
+						return(-1);
+						}
 					}
 				}
 			}
@@ -953,7 +962,7 @@ start:
 			s->rwstate=SSL_NOTHING;
 			s->s3->fatal_alert = alert_descr;
 			SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
-			sprintf(tmp,"%d",alert_descr);
+			BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
 			ERR_add_error_data(2,"SSL alert number ",tmp);
 			s->shutdown|=SSL_RECEIVED_SHUTDOWN;
 			SSL_CTX_remove_session(s->ctx,s->session);
@@ -1021,19 +1030,21 @@ start:
 			return(-1);
 			}
 
-		if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+		if (!(s->mode & SSL_MODE_AUTO_RETRY))
 			{
-			BIO *bio;
-			/* In the case where we try to read application data
-			 * the first time, but we trigger an SSL handshake, we
-			 * return -1 with the retry option set.  I do this
-			 * otherwise renegotiation can cause nasty problems 
-			 * in the blocking world */ /* ? */
-			s->rwstate=SSL_READING;
-			bio=SSL_get_rbio(s);
-			BIO_clear_retry_flags(bio);
-			BIO_set_retry_read(bio);
-			return(-1);
+			if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+				{
+				BIO *bio;
+				/* In the case where we try to read application data,
+				 * but we trigger an SSL handshake, we return -1 with
+				 * the retry option set.  Otherwise renegotiation may
+				 * cause nasty problems in the blocking world */
+				s->rwstate=SSL_READING;
+				bio=SSL_get_rbio(s);
+				BIO_clear_retry_flags(bio);
+				BIO_set_retry_read(bio);
+				return(-1);
+				}
 			}
 		goto start;
 		}