Fix SSL_MODE_RELEASE_BUFFERS functionality

At some point in the past do_ssl3_write() used to return the number of bytes written, or a value <= 0 on error. It now just returns a success/ error code and writes the number of bytes written to |tmpwrit|. The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code for the number of bytes written rather than |tmpwrit|. This has the effect that the buffers are not released when they are supposed to be. Fixes openssl#9490 Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#9505)
Paxxi · Aug 5, 2019 · 8bbf63e · 8bbf63e
1 parent 5997237
commit 8bbf63e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
@@ -639,8 +639,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
              */
             s->s3.empty_fragment_done = 0;
 
-            if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
-                !SSL_IS_DTLS(s))
+            if (tmpwrit == n
+                    && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
+                    && !SSL_IS_DTLS(s))
                 ssl3_release_write_buffer(s);
 
             *written = tot + tmpwrit;