From f29d4702f703e4a3bb0aa2276e7bd6ec7b24defa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Aug 2018 11:31:15 +0100 Subject: [PATCH] Reset in/out pointers on SSL session reset If a previous session was interrupted during flushing, the out pointers might point arbitrarily into the output buffer. --- library/ssl_tls.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f2bb74838..df21cbd2b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6300,8 +6300,8 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; ssl->in_offt = NULL; + ssl_reset_in_out_pointers( ssl ); - ssl->in_msg = ssl->in_buf + 13; ssl->in_msgtype = 0; ssl->in_msglen = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -6317,7 +6317,6 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->keep_current_message = 0; - ssl->out_msg = ssl->out_buf + 13; ssl->out_msgtype = 0; ssl->out_msglen = 0; ssl->out_left = 0;