Fix incomplete assertion in ssl_write_handshake_msg()
ssl_write_handshake_msg() includes the assertion that `ssl->handshake != NULL` when handling a record which is (a) a handshake message, and NOT (b) a HelloRequest. However, it later calls `ssl_append_flight()` for any record different from a HelloRequest handshake record, that is, records satisfying !(a) || !(b), instead of (a) && !(b) as covered by the assertion (specifically, CCS or Alert records). Since `ssl_append_flight()` assumes that `ssl->handshake != NULL`, this rightfully triggers static analyzer warnings. This commit expands the scope of the assertion to check that `ssl->handshake != NULL` for any record which is not a HelloRequest.
This commit is contained in:
parent
06f88e9c42
commit
f6d6e30820
1 changed files with 6 additions and 4 deletions
|
@ -3200,8 +3200,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
}
|
||||
|
||||
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
|
||||
/* Whenever we send anything different from a
|
||||
* HelloRequest we should be in a handshake - double check. */
|
||||
if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
|
||||
ssl->handshake == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
|
@ -3295,8 +3297,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
|||
/* Either send now, or just save to be sent (and resent) later */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
|
||||
hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) )
|
||||
! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
|
||||
{
|
||||
if( ( ret = ssl_flight_append( ssl ) ) != 0 )
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue