authorjsing <jsing@openbsd.org>2016-07-06 02:32:57 +0000
committerjsing <jsing@openbsd.org>2016-07-06 02:32:57 +0000
commit38c90daa52759ff3b98f4e46027b9ff1383459c0 (patch)
treec3b75e273bc0e5ded59665634d933b4854eafb71
parentSome new tests related to bin/cat.c rev. 1.25, (diff)
Correctly handle an EOF that occurs prior to the TLS handshake completing.
Reported by Vasily Kolobkov, based on a diff from Marko Kreen. ok beck@
-rw-r--r--lib/libtls/tls.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 76d00e53f36..783d320a9d4 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.38 2016/05/27 14:38:40 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.39 2016/07/06 02:32:57 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -418,8 +418,11 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
if ((err = ERR_peek_error()) != 0) {
errstr = ERR_error_string(err, NULL);
} else if (ssl_ret == 0) {
- ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
- return (0);
+ if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
+ ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
+ return (0);
+ }
+ errstr = "unexpected EOF";
} else if (ssl_ret == -1) {
errstr = strerror(errno);
}
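Review bot: The new `if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0)` test has no comment explaining why the two EOF cases are treated differently, and the distinction is security-relevant: before the handshake completes there is no authenticated session, so a peer or network closing the connection must surface as an error rather than as a clean end-of-data. I would add above the test `/* EOF before the handshake completes is a failure; afterwards it is a close without close_notify. */`. The branch kept for a completed handshake still returns 0 with only TLS_EOF_NO_CLOSE_NOTIFY recorded in `ctx->state`, so whether a caller can tell a truncated stream from an orderly shutdown depends on code outside this hunk and is worth stating in the function's documentation. The body of tls_ssl_error and the enclosing case start and end outside the hunk.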