|
 |
873a72 |
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
|
|
|
873a72 |
index 53f1ef1..759c67e 100644
|
|
|
873a72 |
--- a/lib/gnutls_handshake.c
|
|
|
873a72 |
+++ b/lib/gnutls_handshake.c
|
|
|
873a72 |
@@ -2491,7 +2491,8 @@ static int _gnutls_recv_supplemental(gnutls_session_t session)
|
|
|
873a72 |
* full handshake will be performed.
|
|
|
873a72 |
*
|
|
|
873a72 |
* The non-fatal errors expected by this function are:
|
|
|
873a72 |
- * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN, and %GNUTLS_E_WARNING_ALERT_RECEIVED.
|
|
|
873a72 |
+ * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN,
|
|
|
873a72 |
+ * %GNUTLS_E_LARGE_PACKET and %GNUTLS_E_WARNING_ALERT_RECEIVED.
|
|
|
873a72 |
* The former two interrupt the handshake procedure due to the lower
|
|
|
873a72 |
* layer being interrupted, and the latter because of an alert that
|
|
|
873a72 |
* may be sent by a server (it is always a good idea to check any
|
|
|
873a72 |
@@ -2600,12 +2601,15 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
|
|
|
873a72 |
#define IMED_RET( str, ret, allow_alert) do { \
|
|
|
873a72 |
if (ret < 0) { \
|
|
|
873a72 |
/* EAGAIN and INTERRUPTED are always non-fatal */ \
|
|
|
873a72 |
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
|
|
|
873a72 |
+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_LARGE_PACKET) \
|
|
|
873a72 |
return ret; \
|
|
|
873a72 |
/* a warning alert might interrupt handshake */ \
|
|
|
873a72 |
if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
|
|
|
873a72 |
gnutls_assert(); \
|
|
|
873a72 |
ERR( str, ret); \
|
|
|
873a72 |
+ /* do not allow non-fatal errors at this point */ \
|
|
|
873a72 |
+ if (gnutls_error_is_fatal(ret) == 0) ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); \
|
|
|
873a72 |
+ session_invalidate(session); \
|
|
|
873a72 |
_gnutls_handshake_hash_buffers_clear(session); \
|
|
|
873a72 |
return ret; \
|
|
|
873a72 |
} } while (0)
|
|
|
873a72 |
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
|
|
|
873a72 |
index e2a492d..157d12a 100644
|
|
|
873a72 |
--- a/lib/gnutls_record.c
|
|
|
873a72 |
+++ b/lib/gnutls_record.c
|
|
|
873a72 |
@@ -349,12 +349,6 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
|
|
|
873a72 |
return 0;
|
|
|
873a72 |
}
|
|
|
873a72 |
|
|
|
873a72 |
-inline static void session_invalidate(gnutls_session_t session)
|
|
|
873a72 |
-{
|
|
|
873a72 |
- session->internals.invalid_connection = 1;
|
|
|
873a72 |
-}
|
|
|
873a72 |
-
|
|
|
873a72 |
-
|
|
|
873a72 |
inline static void session_unresumable(gnutls_session_t session)
|
|
|
873a72 |
{
|
|
|
873a72 |
session->internals.resumable = RESUME_FALSE;
|
|
|
873a72 |
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
|
|
|
873a72 |
index 50ff08d..cb0320c 100644
|
|
|
873a72 |
--- a/lib/gnutls_record.h
|
|
|
873a72 |
+++ b/lib/gnutls_record.h
|
|
|
873a72 |
@@ -101,4 +101,9 @@ unsigned int get_total_headers2(gnutls_session_t session, record_parameters_st *
|
|
|
873a72 |
return total + _gnutls_cipher_get_explicit_iv_size(params->cipher);
|
|
|
873a72 |
}
|
|
|
873a72 |
|
|
|
873a72 |
+inline static void session_invalidate(gnutls_session_t session)
|
|
|
873a72 |
+{
|
|
|
873a72 |
+ session->internals.invalid_connection = 1;
|
|
|
873a72 |
+}
|
|
|
873a72 |
+
|
|
|
873a72 |
#endif
|