From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon, 6 Nov 2017 10:27:41 +0000 (+0100)
Subject: Fix error handling in heartbeat processing
X-Git-Tag: OpenSSL_1_0_2n~17
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=565a53f35cb7a40b4e551f5c63672020eb4809c8;p=openssl

Fix error handling in heartbeat processing

Fixes: #4590

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4681)
---

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 04212c51e7..b914568430 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1324,10 +1324,16 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
         }
 #ifndef OPENSSL_NO_HEARTBEATS
         else if (rr->type == TLS1_RT_HEARTBEAT) {
-            tls1_process_heartbeat(s);
+            i = tls1_process_heartbeat(s);
+
+            if (i < 0)
+                return i;
 
-            /* Exit and notify application to read again */
             rr->length = 0;
+            if (s->mode & SSL_MODE_AUTO_RETRY)
+                goto start;
+
+            /* Exit and notify application to read again */
             s->rwstate = SSL_READING;
             BIO_clear_retry_flags(SSL_get_rbio(s));
             BIO_set_retry_read(SSL_get_rbio(s));