Bug 753136 - Track when alerts are sent and send a catch-all alert on…

… extension failures, r=ekr --HG-- extra : rebase_source : d109bcdd79d217bbe913e81910f4a4e3d4a6296b extra : histedit_source : 6b771a851e51081bf07c208ff1d7c09d02e6e6fa
sailfishos-mirror · Mar 16, 2015 · 981eb8d · 981eb8d
1 parent 782aec3
commit 981eb8d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
@@ -2788,6 +2788,12 @@ ssl3_SendRecord(   sslSocket *        ss,
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
 
+    if (ss->ssl3.fatalAlertSent) {
+        SSL_TRC(3, ("%d: SSL3[%d] Suppress write, fatal alert already sent",
+                    SSL_GETPID(), ss->fd));
+        return SECFailure;
+    }
+
     capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0);
 
     if (capRecordVersion) {
@@ -3233,6 +3239,9 @@ SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc)
 			       ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0);
 	rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
     }
+    if (level == alert_fatal) {
+        ss->ssl3.fatalAlertSent = PR_TRUE;
+    }
     ssl_ReleaseXmitBufLock(ss);
     ssl_ReleaseSSL3HandshakeLock(ss);
     return rv;	/* error set by ssl3_FlushHandshake or ssl3_SendRecord */

diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
@@ -981,6 +981,7 @@ struct ssl3StateStr {
     PRUint16             dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES];
     PRUint16             dtlsSRTPCipherCount;
     PRUint16             dtlsSRTPCipherSuite;	/* 0 if not selected */
+    PRBool               fatalAlertSent;
 };
 
 #define DTLS_MAX_MTU  1500      /* Ethernet MTU but without subtracting the