From 565a53f35cb7a40b4e551f5c63672020eb4809c8 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon, 6 Nov 2017 11:27:41 +0100
Subject: [PATCH] Fix error handling in heartbeat processing

Fixes: #4590

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4681)
---
 ssl/s3_pkt.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 04212c51e7..b914568430 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1324,10 +1324,16 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
         }
 #ifndef OPENSSL_NO_HEARTBEATS
         else if (rr->type == TLS1_RT_HEARTBEAT) {
-            tls1_process_heartbeat(s);
+            i = tls1_process_heartbeat(s);
+
+            if (i < 0)
+                return i;
 
-            /* Exit and notify application to read again */
             rr->length = 0;
+            if (s->mode & SSL_MODE_AUTO_RETRY)
+                goto start;
+
+            /* Exit and notify application to read again */
             s->rwstate = SSL_READING;
             BIO_clear_retry_flags(SSL_get_rbio(s));
             BIO_set_retry_read(SSL_get_rbio(s));
-- 
2.25.1