Fix ssl3_get_message handle message fragmentation correctly.

[openssl.git] / ssl / s3_both.c

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index b4d1b8445d78dd509f1b6b50c8e51fb0e4aca53f..cd97280374e1e941f0cb4977ab64699d9d6292c8 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -272,7 +272,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                }
        if (x != NULL)
                {
-               X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+               if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+                       {
+                       SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                       return(0);
+                       }
 
                for (;;)
                        {
@@ -383,7 +387,11 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                                         * if their format is correct. Does not count for
                                         * 'Finished' MAC. */
                                        if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+                                               {
+                                               s->init_num = 0;
                                                skip_message = 1;
+                                               }
+                       
                        }
                while (skip_message);
 
@@ -432,6 +440,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
        /* next state (stn) */
        p=(unsigned char *)s->init_buf->data;
        n=s->s3->tmp.message_size;
+       n -= s->init_num;
        while (n > 0)
                {
                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);