Merge pull request #1946 from hanno-arm/alert_reentrant

Make mbedtls_ssl_send_alert_message() reentrant
Gilles Peskine 2022-04-12 11:05:20 +02:00 committed by GitHub
commit 43b0943736
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 3 deletions


@ -0,0 +1,5 @@
Bugfix
* Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
potentially leading to corrupted alert messages being sent in case
the function needs to be re-called after initially returning
MBEDTLS_SSL_WANT_WRITE. Fixes #1916.


@ -4855,6 +4855,9 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ssl->out_left != 0 )
return( mbedtls_ssl_flush_output( ssl ) );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message ));
@ -5714,9 +5717,6 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
if( ssl->out_left != 0 )
return( mbedtls_ssl_flush_output( ssl ) );
if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
{
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
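Review bot: A return of 0 from the new early exit in mbedtls_ssl_send_alert_message() (`if( ssl->out_left != 0 ) return( mbedtls_ssl_flush_output( ssl ) );`) only tells the caller that pending output was flushed, not that this alert was written. If the pending bytes can belong to an earlier record rather than to a previous attempt at the same alert (not determinable from the hunk), the alert is silently skipped; mbedtls_ssl_close_notify() now inherits this through the call at the end of the second hunk. A peer that never receives close_notify cannot tell an orderly close from truncation, so the contract should be stated where callers will see it, for example `/* Pending output may be an earlier record; 0 here means the flush completed, not that this alert was sent. */` above the check, with the same caveat in the function's API documentation. The check also sits before the "=> send alert message" trace, so a re-entered call leaves no debug line, whereas close_notify logged "=> write close notify" before its old check. Both function bodies start and end outside the hunks shown.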