author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-06 18:21:14 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-06 18:21:14 +0000 |
commit | e05c55d4aa4b1e8698f4d013c7ad4899fa9f933c (patch) | |
tree | 949cf8184e8c47cada0016358498ab4f61fc52dc | |
parent | 9f75d561e947566e2d3b75e811fba8a7bd7f2085 (diff) | |
Initialize 'processed' to 0 before passing its address to SSLRead or
SSLWrite.
Ignore errSSLClosedNoNotify for site compatibility, even though it
makes us potentially vulnerable to truncation attacks.
Replace the default ERR_FAILED error code with the more specific
ERR_SSL_PROTOCOL_ERROR.
R=avi
BUG=http://crbug.com/16758
TEST=see bug 16758 for a test case.
Review URL: http://codereview.chromium.org/165025
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22626 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | net/socket/ssl_client_socket_mac.cc | 16 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_win.cc | 4 |
2 files changed, 12 insertions, 8 deletions
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index 6061dde..dd56e35 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -538,7 +538,7 @@ void SSLClientSocketMac::OnWriteComplete(int result) {
 }
 
 int SSLClientSocketMac::DoPayloadRead() {
- size_t processed;
+ size_t processed = 0;
 OSStatus status = SSLRead(ssl_context_,
 user_buf_->data(),
 user_buf_len_,
@@ -550,20 +550,24 @@ int SSLClientSocketMac::DoPayloadRead() {
 // along with partial data). So even though "would block" is returned, if we
 // have data, let's just return it.
 
- if (processed > 0) {
- next_state_ = STATE_NONE;
+ if (processed > 0)
 return processed;
+
+ if (status == errSSLClosedNoNotify) {
+ // TODO(wtc): Unless we have received the close_notify alert, we need to
+ // return an error code indicating that the SSL connection ended
+ // uncleanly, a potential truncation attack. See http://crbug.com/18586.
+ return OK;
 }
 
- if (status == errSSLWouldBlock) {
+ if (status == errSSLWouldBlock)
 next_state_ = STATE_PAYLOAD_READ;
- }
 
 return NetErrorFromOSStatus(status);
 }
 
 int SSLClientSocketMac::DoPayloadWrite() {
- size_t processed;
+ size_t processed = 0;
 OSStatus status = SSLWrite(ssl_context_,
 user_buf_->data(),
 user_buf_len_,
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 86412d5..fba04ea 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -928,9 +928,9 @@ int SSLClientSocketWin::DoPayloadReadComplete(int result) {
 if (result == 0 && !ignore_ok_result_) {
 // TODO(wtc): Unless we have received the close_notify alert, we need to
 // return an error code indicating that the SSL connection ended
- // uncleanly, a potential truncation attack.
+ // uncleanly, a potential truncation attack. See http://crbug.com/18586.
 if (bytes_received_ != 0)
- return ERR_FAILED;
+ return ERR_SSL_PROTOCOL_ERROR;
 return OK;
 }
 
|
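Review bot: The new `errSSLClosedNoNotify` branch in DoPayloadRead returns `OK` unconditionally, so the caller sees a transport close without close_notify exactly as it sees a clean TLS shutdown, and a body delimited by connection close can be cut short without any error surfacing. The Windows path touched by this same commit still fails the read when `bytes_received_ != 0`, while no comparable check is visible here, so the two platforms now appear to disagree on the same event. Until bug 18586 is fixed, make the condition observable before the return, for example `LOG(WARNING) << "SSL connection closed without close_notify";` (assuming base/logging.h is already included in this file), so truncated responses can at least be noticed. DoPayloadRead starts in the previous hunk and DoPayloadWrite continues past the end of this one.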
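Review bot: The `if (bytes_received_ != 0)` check now returns `ERR_SSL_PROTOCOL_ERROR`, but nothing says why leftover bytes are an error while an empty buffer is accepted as a clean end of stream. A one-line comment above it would help, e.g. `// EOF with received bytes still buffered: fail the read; a close with nothing pending is tolerated for now.` That reading of `bytes_received_` is inferred from its name, so confirm it against the member's definition. DoPayloadReadComplete starts and ends outside the hunk.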