libtls: Check for CHANGE_CIPHER_SPEC type only if upper layer returns NEED_MORE
author Martin Willi <martin@revosec.ch>
Thu, 8 Jan 2015 10:06:45 +0000 (11:06 +0100)
committer Martin Willi <martin@revosec.ch>
Mon, 12 Jan 2015 13:18:24 +0000 (14:18 +0100)
commit 780bf2b8e94686c535a7bc8ffaccd9e7a7646e77
tree 5b40ca86a109290b582080405823606680176b1d
parent aa71c19e5c10e441b94c7c5fa0f624a43946203b
libtls: Check for CHANGE_CIPHER_SPEC type only if upper layer returns NEED_MORE

A type is returned only if upper layers successfully created a record, that is
returns NEED_MORE. If we do not check for the return value, we might check a
previous record or the uninitialized type variable and falsely reset the
sequence number.
src/libtls/tls_protection.c
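
The hazard described in the commit message, as an added example that is not strongSwan's code: a simplified model in which the upper layer writes the record type only when it returns its "record created" status. All names (`upper_build`, `run_build`, `leftover`, the `ST_`/`CT_` constants) are hypothetical, and `leftover` stands in for a previous record's type or uninitialized memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not strongSwan's API. */
typedef enum { ST_NEED_MORE, ST_INVALID_STATE } status_t;
typedef enum { CT_CHANGE_CIPHER_SPEC = 20, CT_HANDSHAKE = 22 } ctype_t;

/* Constructed sample inputs: record types the upper layer has queued. */
static const ctype_t Q_PLAIN[] = { CT_HANDSHAKE, CT_HANDSHAKE };
static const ctype_t Q_CCS[] = { CT_HANDSHAKE, CT_CHANGE_CIPHER_SPEC, CT_HANDSHAKE };

/* Upper layer: writes *type only when it created a record (ST_NEED_MORE). */
static status_t upper_build(const ctype_t *q, size_t len, size_t *pos, ctype_t *type)
{
    if (*pos >= len)
        return ST_INVALID_STATE;    /* nothing built, *type is left untouched */
    *type = q[(*pos)++];
    return ST_NEED_MORE;
}

/* Run `calls` build attempts and return the resulting sequence number.
 * leftover: what the type variable holds before each call (models a previous
 *           record's type or uninitialized memory, without reading either).
 * checked:  0 = test the type on every status, 1 = only on ST_NEED_MORE. */
uint32_t run_build(const ctype_t *q, size_t len, int calls, ctype_t leftover, int checked)
{
    uint32_t seq = 0;
    size_t pos = 0;

    for (int i = 0; i < calls; i++)
    {
        ctype_t type = leftover;
        status_t st = upper_build(q, len, &pos, &type);

        if (st == ST_NEED_MORE)
            seq++;                  /* one record protected under seq */
        if ((!checked || st == ST_NEED_MORE) && type == CT_CHANGE_CIPHER_SPEC)
            seq = 0;                /* cipher spec changed: restart numbering */
    }
    return seq;
}

int main(void)
{
    printf("unchecked:    %u\n", (unsigned)run_build(Q_PLAIN, 2, 3, CT_CHANGE_CIPHER_SPEC, 0));
    printf("checked:      %u\n", (unsigned)run_build(Q_PLAIN, 2, 3, CT_CHANGE_CIPHER_SPEC, 1));
    printf("genuine CCS:  %u\n", (unsigned)run_build(Q_CCS, 3, 3, CT_HANDSHAKE, 1));
    return 0;
}
```

With two records sent and a third call that builds nothing, the unchecked variant falls back to sequence number 0 while the checked variant stays at 2; a genuine CHANGE_CIPHER_SPEC record still resets the counter in both.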