Mailing Lists
cURL Mailing List Monthly Index Single Mail
curl-tracker Archives
[curl:bugs] #1462 SSL connection returns garbage data
From: Jay Satiro <raysatiro_at_users.sf.net>
Date: Tue, 09 Dec 2014 07:47:18 +0000
This caught my eye:
The documentation for DecryptMessage [1] says that if the function fails to decrypt the message several errors can be returned. For two of those errors handled in curl_schannel.c SEC_I_RENEGOTIATE/SEC_I_CONTEXT_EXPIRED the code is still reading the buffers as if there could be decrypted data like it's on the success path. I can't find DecryptMessage documented behavior to support that. Maybe some undocumented win2k thing?
[1]: http://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx
--- ** [bugs:#1462] SSL connection returns garbage data** **Status:** open **Labels:** SSL DarwinSSL **Created:** Fri Dec 05, 2014 09:45 PM UTC by Tae Hyoung Ahn **Last Updated:** Tue Dec 09, 2014 02:35 AM UTC **Owner:** Daniel Stenberg When curl receives encrypted data from ssl connection, schannel_recv() tries to decrypt. If s_pSecFn->DecryptMessage() returns a error such as SEC_I_CONTEXT_EXPIRED, schannel_recv() returns ret variable that has the encrypted packet length not decrypted packet size. So the last line of schannel_recv() should be changed to return size variable. --- Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.Received on 2014-12-09 These mail archives are generated by hypermail. |