Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- proton-c-0.37.0
- None
- OpenSSL
Description
pn_tls_need_decrypt_output_buffers can falsely indicate the availability of user data. For example, if there is a handshake failure, BIO_pending can indicate the presence of bytes but BIO_read will return -1 and the appropriate error.
An application may be fooled into providing a decrypt output buffer that won't be immediately returned after the next pn_tls_process() step, since no bytes will be read into it.
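The mismatch described above can be reproduced outside Proton. The following is an added example, not code from the Proton project: it uses Python's `ssl` module (a wrapper over OpenSSL memory BIOs) as a stand-in, and the function name, host name and sample bytes are assumptions made for illustration.

```python
import ssl

# Constructed sample input: a plaintext reply from a peer that does not speak TLS.
NOT_TLS = b"HTTP/1.1 400 Bad Request\r\n\r\n"


def probe_failed_handshake(peer_bytes=NOT_TLS):
    """Feed peer_bytes to a TLS client mid-handshake.

    Returns (pending_hint, app_bytes, error):
      pending_hint - byte count the input BIO reports as waiting
      app_bytes    - plaintext actually produced by the read
      error        - the exception raised by the read, or None
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "example.invalid" is a placeholder host name; nothing is sent on a network.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")

    try:
        tls.do_handshake()          # writes the ClientHello into `outgoing`
    except ssl.SSLWantReadError:
        pass                        # expected: the client now waits for a reply

    incoming.write(peer_bytes)
    pending_hint = incoming.pending  # the "bytes are available" signal

    app_bytes, error = b"", None
    try:
        # The read first has to finish the handshake, which fails on this input.
        app_bytes = tls.read(4096)
    except ssl.SSLError as exc:
        error = exc
    return pending_hint, app_bytes, error


if __name__ == "__main__":
    hint, data, err = probe_failed_handshake()
    print("pending reported :", hint)
    print("plaintext bytes  :", len(data))
    print("read error       :", err)
```

A caller that sizes or hands over an output buffer based only on the pending count would supply one here, even though the read fills nothing and reports a handshake error instead.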