diff options
-rw-r--r-- | lib/record.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/record.c b/lib/record.c index be5f867141..a0c9d5cf5a 100644 --- a/lib/record.c +++ b/lib/record.c @@ -776,6 +776,20 @@ record_add_to_buffers(gnutls_session_t session, && (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_CHANGE_CIPHER_SPEC || type == GNUTLS_HANDSHAKE)) { + if (bufel->msg.size == 0) { + if (type == GNUTLS_APPLICATION_DATA) { + /* this is needed to distinguish an empty + * message and EOF */ + ret = GNUTLS_E_AGAIN; + goto cleanup; + } else { + ret = + gnutls_assert_val + (GNUTLS_E_UNEXPECTED_PACKET); + goto unexpected_packet; + } + } + _gnutls_record_buffer_put(session, type, seq, bufel); /* if we received application data as expected then we @@ -1374,7 +1388,14 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, * In that case we go to the beginning and start reading * the next packet. */ - if (_mbuffer_get_udata_size(decrypted) == 0) { + if (_mbuffer_get_udata_size(decrypted) == 0 && + /* Under TLS 1.3, there are only AEAD ciphers and this + * logic is meaningless. Moreover, the implementation need + * to send correct alert upon receiving empty messages in + * certain occasions. Skip this and leave + * record_add_to_buffers() to handle the empty + * messages. */ + !(vers && vers->tls13_sem)) { _mbuffer_xfree(&decrypted); n_retries++; goto begin; |