[Bug 39264] wininet may try to decrypt one more ssl message than needed
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat Sep 12 10:31:25 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=39264
--- Comment #4 from Sebastian Lackner <sebastian at fds-team.de> ---
(In reply to 7element from comment #2)
> Yes, I should have mentioned that. Sorry.
> In my opinion if we already read the data, there is no need to try decrypt
> another message, but you are the expert.
> The other way is to check on next call to read_ssl_chunk BEFORE the assert
> if we already have all the data. Or change the assert to be <= and after
> that make the check and break.
> I'll leave the best course of action to your expertise, but I hope you
> understand why this is a problem.
The code was not written by me, and in general has a very bad quality.
Nevertheless my understanding is, that an implementation can rely on the fact,
that the values returned by QueryContextAttributesW are correct. This means
after reading a maximum of
(conn->ssl_sizes.cbHeader+conn->ssl_sizes.cbMaximumMessage+conn->ssl_sizes.cbTrailer)
bytes, the implementation should be able to tell if its a correct message
(SEC_E_OK) or if an error occurred, but definitely shouldn't return
SEC_E_INCOMPLETE_MESSAGE anymore. As far as I know ReactOS also never
encountered this assertion with the old gnutls based implementation, right?
For such development related questions and discussions it might be better to
ask them at wine-devel, since its very unlikely that a lot of developers will
see it here on the bugtracker.
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list