Branch: Tag:

2015-04-13

2015-04-13 12:42:48 by Martin Nilsson <nilsson@opera.com>

Streamlined the handling of illegal incoming packets a bit more.

927:    while (packet = recv_packet())    {    if (packet->is_alert) -  { /* Reply alert */ +  { +  // recv_packet returns packets with is_alert set if it is +  // generated on our side, as opposed to an alert that is +  // received. These are always fatal (wrong packet type, packet +  // version, packet size).    SSL3_DEBUG_MSG("SSL.Connection: Bad received packet\n");    if (alert_callback)    {
937:    (string)read_buffer);    here->rewind();    } +  +  // We or the packet may have been destructed by the +  // alert_callback.    if (this && packet)    send_packet(packet); -  if ((!packet) || (!this) || (packet->level == ALERT_fatal)) +     return -1; -  if (alert_callback) -  break; +     } -  else -  { +     SSL3_DEBUG_MSG("SSL.Connection: received packet of type %d\n",    packet->content_type);    switch (packet->content_type)
1088:    }    if (!session->heartbeat_mode) {    // RFC 6520 2: -  // If an endpoint that has indicated peer_not_allowed_to_send -  // receives a HeartbeatRequest message, the endpoint SHOULD -  // drop the message silently and MAY send an unexpected_message -  // Alert message. +  // If an endpoint that has indicated +  // peer_not_allowed_to_send receives a HeartbeatRequest +  // message, the endpoint SHOULD drop the message silently +  // and MAY send an unexpected_message Alert message.    send_packet(alert(ALERT_warning, ALERT_unexpected_message,    "Heart beat mode not enabled.\n"));    break;
1125:    break;    }    } -  } +        if (sizeof(res)) return res;    if (state & CONNECTION_peer_closed) return 1;    return "";   }