authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-08-06 18:21:14 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-08-06 18:21:14 +0000
commite05c55d4aa4b1e8698f4d013c7ad4899fa9f933c (patch)
tree949cf8184e8c47cada0016358498ab4f61fc52dc
parent9f75d561e947566e2d3b75e811fba8a7bd7f2085 (diff)
Initialize 'processed' to 0 before passing its address to SSLRead or
SSLWrite. Ignore errSSLClosedNoNotify for site compatibility, even though it makes us potentially vulnerable to truncation attacks. Replace the default ERR_FAILED error code with the more specific ERR_SSL_PROTOCOL_ERROR. R=avi BUG=http://crbug.com/16758 TEST=see bug 16758 for a test case. Review URL: http://codereview.chromium.org/165025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22626 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/socket/ssl_client_socket_mac.cc16
-rw-r--r--net/socket/ssl_client_socket_win.cc4
2 files changed, 12 insertions, 8 deletions
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index 6061dde..dd56e35 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -538,7 +538,7 @@ void SSLClientSocketMac::OnWriteComplete(int result) {
}
int SSLClientSocketMac::DoPayloadRead() {
- size_t processed;
+ size_t processed = 0;
OSStatus status = SSLRead(ssl_context_,
user_buf_->data(),
user_buf_len_,
@@ -550,20 +550,24 @@ int SSLClientSocketMac::DoPayloadRead() {
// along with partial data). So even though "would block" is returned, if we
// have data, let's just return it.
- if (processed > 0) {
- next_state_ = STATE_NONE;
+ if (processed > 0)
return processed;
+
+ if (status == errSSLClosedNoNotify) {
+ // TODO(wtc): Unless we have received the close_notify alert, we need to
+ // return an error code indicating that the SSL connection ended
+ // uncleanly, a potential truncation attack. See http://crbug.com/18586.
+ return OK;
}
- if (status == errSSLWouldBlock) {
+ if (status == errSSLWouldBlock)
next_state_ = STATE_PAYLOAD_READ;
- }
return NetErrorFromOSStatus(status);
}
int SSLClientSocketMac::DoPayloadWrite() {
- size_t processed;
+ size_t processed = 0;
OSStatus status = SSLWrite(ssl_context_,
user_buf_->data(),
user_buf_len_,
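Review bot: In DoPayloadRead, the new `errSSLClosedNoNotify` branch returns `OK` unconditionally, so a connection that ends without a close_notify alert reaches callers looking exactly like a clean end of stream, and nothing records that it happened. The Windows path touched by this same commit still returns `ERR_SSL_PROTOCOL_ERROR` when `bytes_received_ != 0`, so the two platforms appear to disagree on how a truncated stream is reported; the TODO should say so explicitly and note that a response delimited only by connection close cannot be told apart from a truncated one. Until http://crbug.com/18586 is resolved I would leave a diagnostic trace before the `return OK;`, e.g. `LOG(WARNING) << "SSL connection closed without close_notify";` (assuming base/logging.h is reachable from this file), so unclean shutdowns can be found after the fact. DoPayloadRead begins in the previous hunk, and DoPayloadWrite at the end of this hunk continues past it.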
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 86412d5..fba04ea 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -928,9 +928,9 @@ int SSLClientSocketWin::DoPayloadReadComplete(int result) {
if (result == 0 && !ignore_ok_result_) {
// TODO(wtc): Unless we have received the close_notify alert, we need to
// return an error code indicating that the SSL connection ended
- // uncleanly, a potential truncation attack.
+ // uncleanly, a potential truncation attack. See http://crbug.com/18586.
if (bytes_received_ != 0)
- return ERR_FAILED;
+ return ERR_SSL_PROTOCOL_ERROR;
return OK;
}