[gnutls-dev][PATCH] inappropriate buffer check in _gnutls_io_read_buffered

[Ian Peters]

--=-RxCweKtCnSX2x75sHdni
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hi,

I'm integrating GnuTLS support into our internal HTTP transfer library,
and I was running into some problems with UNEXPECTED_PACKET_LENGTH
errors.  I eventually tracked these down to one place, in
_gnutls_recv_int, which calls _gnutls_io_read_buffered.

The first check in that function verifies that the received packet isn't
larger than the MAX_RECV_SIZE, but the third condition appears to be
bogus.  Specifically, _gnutls_io_read_buffered will be recalled in cases
where GNUTLS_E_AGAIN, which lead to the function incorrectly returning
GNUTLS_E_INVALID_REQUEST.  The attached patch seems to fix the issue.

Ian

--=-RxCweKtCnSX2x75sHdni
Content-Disposition: attachment; filename=gnutls-_gnutls_io_read_buffered.patch
Content-Type: text/x-patch; name=gnutls-_gnutls_io_read_buffered.patch; charset=UTF-8
Content-Transfer-Encoding: 7bit

diff -u -r gnutls-0.8.3/lib/gnutls_buffers.c gnutls-0.8.3.new/lib/gnutls_buffers.c
--- gnutls-0.8.3/lib/gnutls_buffers.c	2003-01-20 11:46:04.000000000 -0500
+++ gnutls-0.8.3.new/lib/gnutls_buffers.c	2003-03-05 17:44:50.000000000 -0500
@@ -330,8 +330,7 @@
 
 	*iptr = session->internals.record_recv_buffer.data;
 
-	if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0 
- 	   || (session->internals.record_recv_buffer.length+sizeOfPtr) > MAX_RECV_SIZE) 
+	if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0)
 	{
 		gnutls_assert(); /* internal error */
 		return GNUTLS_E_INVALID_REQUEST;

--=-RxCweKtCnSX2x75sHdni--