diff options
| author | Michael Brown | 2013-01-30 17:58:17 +0100 |
|---|---|---|
| committer | Michael Brown | 2013-01-31 10:59:36 +0100 |
| commit | 0acc52519de732f4f010e1029e1308cee825eaed (patch) | |
| tree | fec736bad239f85a595b08e7251a4808eae35cbb /src/net/tls.c | |
| parent | [src] Fix spelling in comments, debug messages and local variable names (diff) | |
| download | ipxe-0acc52519de732f4f010e1029e1308cee825eaed.tar.gz ipxe-0acc52519de732f4f010e1029e1308cee825eaed.tar.xz ipxe-0acc52519de732f4f010e1029e1308cee825eaed.zip | |
[tls] Concatenate received non-data records before processing
Allow non-data records to be split across multiple received I/O
buffers, to accommodate large certificate chains.
Reported-by: Nicola Volpini <Nicola.Volpini@kambi.com>
Tested-by: Nicola Volpini <Nicola.Volpini@kambi.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net/tls.c')
| -rw-r--r-- | src/net/tls.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/src/net/tls.c b/src/net/tls.c index 4ad131c8..5e18f726 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -105,10 +105,6 @@ FILE_LICENCE ( GPL2_OR_LATER ); #define EINFO_EINVAL_MAC \ __einfo_uniqify ( EINFO_EINVAL, 0x0d, \ "Invalid MAC" ) -#define EINVAL_NON_DATA __einfo_error ( EINFO_EINVAL_NON_DATA ) -#define EINFO_EINVAL_NON_DATA \ - __einfo_uniqify ( EINFO_EINVAL, 0x0e, \ - "Overlength non-data record" ) #define EIO_ALERT __einfo_error ( EINFO_EIO_ALERT ) #define EINFO_EIO_ALERT \ __einfo_uniqify ( EINFO_EINVAL, 0x01, \ @@ -137,6 +133,10 @@ FILE_LICENCE ( GPL2_OR_LATER ); #define EINFO_ENOMEM_RX_DATA \ __einfo_uniqify ( EINFO_ENOMEM, 0x07, \ "Not enough space for received data" ) +#define ENOMEM_RX_CONCAT __einfo_error ( EINFO_ENOMEM_RX_CONCAT ) +#define EINFO_ENOMEM_RX_CONCAT \ + __einfo_uniqify ( EINFO_ENOMEM, 0x08, \ + "Not enough space to concatenate received data" ) #define ENOTSUP_CIPHER __einfo_error ( EINFO_ENOTSUP_CIPHER ) #define EINFO_ENOTSUP_CIPHER \ __einfo_uniqify ( EINFO_ENOTSUP, 0x01, \ @@ -1743,14 +1743,12 @@ static int tls_new_record ( struct tls_session *tls, unsigned int type, return 0; } - /* For all other records, fail unless we have exactly one I/O buffer */ - iobuf = list_first_entry ( rx_data, struct io_buffer, list ); - assert ( iobuf != NULL ); - list_del ( &iobuf->list ); - if ( ! list_empty ( rx_data ) ) { - DBGC ( tls, "TLS %p overlength non-data record\n", tls ); - free_iob ( iobuf ); - return -EINVAL_NON_DATA; + /* For all other records, merge into a single I/O buffer */ + iobuf = iob_concatenate ( rx_data ); + if ( ! iobuf ) { + DBGC ( tls, "TLS %p could not concatenate non-data record " + "type %d\n", tls, type ); + return -ENOMEM_RX_CONCAT; } /* Determine handler */ |