Don't forget about pending alerts after ssl_get_next_record()

ssl_get_next_record() may pend fatal alerts in response to receiving
invalid records. Previously, however, those were never actually sent
because there was no code-path checking for pending alerts.

This commit adds a call to ssl_send_pending_fatal_alert() after
the invocation of ssl_get_next_record() to fix this.
Hanno Becker 2019-07-26 07:25:20 +01:00
parent b82350b25f
commit 42a6b04c4a


@ -5116,6 +5116,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret ); MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret );
ssl_send_pending_fatal_alert( ssl );
return( ret ); return( ret );
} }
} }
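Review bot: the new ssl_send_pending_fatal_alert( ssl ) call in the ret != 0 branch has its result ignored, and nothing in the hunk says that this is deliberate. If the function can report a send failure, make the intent explicit with a (void) cast and a one-line comment stating that the original ret from ssl_get_next_record() is what the caller must see. The visible diff also contains no test; a regression test that feeds an invalid record and checks that the fatal alert is actually written out would guard the behaviour the commit message describes.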