There is only one read buffer

Pipelining introduced the concept of multiple records being read in one go. Therefore we work with an array of SSL3_RECORD objects. The pipelining change erroneously made a change in ssl3_get_record() to apply the current record offset to the SSL3_BUFFER we are using for reading. This is wrong - there is only ever one read buffer. This reverts that change. In practice this should make little difference because the code block in question is only ever used when we are processing a single record. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-04-26 16:00:09 +0100
committer: Matt Caswell <matt@openssl.org> 2016-05-17 16:37:45 +0100
commit: 6da573921503126f3f4f4f48dedce41e5b0ea780 (patch)
tree: 48ed3779ce2911aa2544193f628128778d205a0a /ssl
parent: 5507b9610af8ba521ac10488b5cb6d6c6f1c69fa (diff)
download: openssl-6da573921503126f3f4f4f48dedce41e5b0ea780.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 3c285726c1..766c3af552 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -276,7 +276,7 @@ int ssl3_get_record(SSL *s)
 
                 rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1];
 
-                if (rr[num_recs].length > SSL3_BUFFER_get_len(&rbuf[num_recs])
+                if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf)
                                  - SSL2_RT_HEADER_LENGTH) {
                     al = SSL_AD_RECORD_OVERFLOW;
                     SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
author	Matt Caswell <matt@openssl.org>	2016-04-26 16:00:09 +0100
committer	Matt Caswell <matt@openssl.org>	2016-05-17 16:37:45 +0100
commit	6da573921503126f3f4f4f48dedce41e5b0ea780 (patch)
tree	48ed3779ce2911aa2544193f628128778d205a0a /ssl
parent	5507b9610af8ba521ac10488b5cb6d6c6f1c69fa (diff)
download	openssl-6da573921503126f3f4f4f48dedce41e5b0ea780.tar.gz