From 4d7db03fe5371fa81523b6d2bdb2bed1dd23a8c2 Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Sun, 26 Jul 2020 10:57:11 -0700 Subject: fixes #1235 framing error in SSL/TLS This was first detected as a stack overrun, but in actuality the problem could have lead to corruption of TLS messages due to prematurely recording transmit completion. --- src/supplemental/tls/tls_common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/supplemental/tls/tls_common.c b/src/supplemental/tls/tls_common.c index 409c6600..5587cfbd 100644 --- a/src/supplemental/tls/tls_common.c +++ b/src/supplemental/tls/tls_common.c @@ -1098,6 +1098,8 @@ tls_tcp_send_cb(void *arg) count = nni_aio_count(aio); NNI_ASSERT(count <= conn->tcp_send_len); conn->tcp_send_len -= count; + conn->tcp_send_tail += count; + conn->tcp_send_tail %= NNG_TLS_MAX_SEND_SIZE; tls_tcp_send_start(conn); if (tls_do_handshake(conn)) { @@ -1180,6 +1182,7 @@ tls_tcp_send_start(tls_conn *conn) while (len > 0) { size_t cnt; + NNI_ASSERT(nio < 2); if (tail < head) { cnt = head - tail; } else { @@ -1196,7 +1199,6 @@ tls_tcp_send_start(tls_conn *conn) nio++; } conn->tcp_send_active = true; - conn->tcp_send_tail = tail; nni_aio_set_iov(&conn->tcp_send, nio, iov); nng_stream_send(conn->tcp, &conn->tcp_send); } -- cgit v1.2.3-70-g09d2