From: Christos Tsantilas
Date: Wed, 20 May 2015 11:00:11 +0000 (+0300)
Subject: Fix "Not enough space to hold server hello message" error message
X-Git-Tag: merge-candidate-3-v1~112
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8cc7eb676d203ec6045863432feedc3396a48b02;p=thirdparty%2Fsquid.git
Fix "Not enough space to hold server hello message" error message
This patch merges the Ssl::ClientBio and Ssl::ServerBio read buffering code to the Ssl::Bio::readAndBuffer method and uses the MemBuf::potentialSpaceSize instead of MemBuf::spaceSize to check space size for SSL hello messages buffer, to take in account available space after a possible buffer grow. This is a Measurement Factory project
---
diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index b259b969ce..934a0790ea 100644
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -129,6 +129,29 @@ Ssl::Bio::read(char *buf, int size, BIO *table)
 return result;
 }
 
+int
+Ssl::Bio::readAndBuffer(char *buf, int size, BIO *table, const char *description)
+{
+ prepReadBuf();
+
+ size = min((int)rbuf.potentialSpaceSize(), size);
+ if (size <= 0) {
+ debugs(83, DBG_IMPORTANT, "Not enough space to hold " <<
+ rbuf.contentSize() << "+ byte " << description);
+ return -1;
+ }
+
+ const int bytes = Ssl::Bio::read(buf, size, table);
+ debugs(83, 5, "read " << bytes << " out of " << size << " bytes"); // move to Ssl::Bio::read()
+
+ if (bytes > 0) {
+ rbuf.append(buf, bytes);
+ debugs(83, 5, "recorded " << bytes << " bytes of " << description);
+ }
+ return bytes;
+ }
+
+
 /// Called whenever the SSL connection state changes, an alert appears, or an
 /// error occurs. See SSL_set_info_callback().
 void
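Review bot: In readAndBuffer the single `size <= 0` test after the `min()` clamp treats a caller-supplied `size` of 0 the same as an exhausted rbuf, so a zero-length read request on the recording path would return -1 and log "Not enough space" at DBG_IMPORTANT (whether a caller ever passes 0 is not visible in the diff). Checking the buffer before clamping keeps the two cases apart: `const int space = static_cast<int>(rbuf.potentialSpaceSize());`, then `if (space <= 0) { ... return -1; }`, then `size = min(space, size);`. Because this DBG_IMPORTANT line is triggered by the amount of data a peer sends, adding `fd_` to the message would let repeated occurrences be attributed to a connection. The `static_cast<int>` also replaces the C-style `(int)` cast.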
@@ -199,20 +222,9 @@ int
 Ssl::ClientBio::read(char *buf, int size, BIO *table)
 {
 if (helloState < atHelloReceived) {
- prepReadBuf();
-
- size = rbuf.spaceSize() > size ? size : rbuf.spaceSize();
-
- if (!size) {
- debugs(83, DBG_IMPORTANT, "Not enough space to hold client SSL hello message");
- return -1;
- }
-
- int bytes = Ssl::Bio::read(buf, size, table);
+ int bytes = readAndBuffer(buf, size, table, "TLS client Hello");
 if (bytes <= 0)
 return bytes;
- rbuf.append(buf, bytes);
- debugs(83, 7, "rbuf size: " << rbuf.contentSize());
 }
 
 if (helloState == atHelloNone) {
@@ -276,21 +288,8 @@ Ssl::ServerBio::setClientFeatures(const Ssl::Bio::sslFeatures &features)
 int
 Ssl::ServerBio::read(char *buf, int size, BIO *table)
 {
- int bytes = Ssl::Bio::read(buf, size, table);
-
- if (bytes > 0 && record_) {
- prepReadBuf();
-
- if (rbuf.spaceSize() < bytes) {
- debugs(83, DBG_IMPORTANT, "Not enough space to hold server hello message");
- return -1;
- }
-
- rbuf.append(buf, bytes);
- debugs(83, 5, "Record is enabled store " << bytes << " bytes");
- }
- debugs(83, 5, "Read " << bytes << " from " << size << " bytes");
- return bytes;
+ return record_ ?
+ readAndBuffer(buf, size, table, "TLS server Hello") : Ssl::Bio::read(buf, size, table);
 }
 
 // This function makes the required checks to examine if the client hello
diff --git a/src/ssl/bio.h b/src/ssl/bio.h
index 910fd86b1d..0ae6e4403e 100644
--- a/src/ssl/bio.h
+++ b/src/ssl/bio.h
@@ -113,6 +113,9 @@ public:
 /// Prepare the rbuf buffer to accept hello data
 void prepReadBuf();
 
+ /// Reads data from socket and record them to a buffer
+ int readAndBuffer(char *buf, int size, BIO *table, const char *description);
+
 const MemBuf &rBufData() {return rbuf;}
 protected:
 const int fd_; ///< the SSL socket we are reading and writing
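Review bot: Nothing at this call site says how large the buffered client Hello may become, and the bound changes with this commit: readAndBuffer checks `potentialSpaceSize()`, so rbuf can grow to its maximum capacity instead of stopping at its current allocation. Every client still in `helloState < atHelloReceived` can therefore hold that much memory before being rejected. The limit is set in prepReadBuf(), which is outside this diff, so it is worth confirming it matches the largest ClientHello Squid intends to accept and saying so here, e.g. `// rbuf growth is bounded by the capacity set in prepReadBuf()`. `bytes` can also be declared `const int`, matching readAndBuffer. ClientBio::read continues past the end of the hunk.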
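Review bot: When `record_` is false, ServerBio::read no longer emits a level-5 trace of the read, because the removed `debugs(83, 5, "Read " ...)` line now has its counterpart only inside readAndBuffer. The trailing comment there, `// move to Ssl::Bio::read()`, names the fix; moving that `debugs` call into Ssl::Bio::read() (whose body is outside the diff) would restore the trace for both paths. Separately, while `record_` is set, a full rbuf turns every server read into -1, so whatever clears `record_` (not visible here) has to run as soon as the server Hello has been parsed, and a short comment on the ternary saying so would help.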
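Review bot: readAndBuffer is declared in the `public:` section, although its only callers in this commit are the derived ClientBio::read and ServerBio::read; declaring it below `protected:` would keep unrelated code from appending to rbuf. The doc comment also leaves out the contract callers depend on. I would write it as `/// Reads up to size bytes (capped by the space rbuf can still grow into) into buf and appends them to rbuf.` followed by `/// \returns the Ssl::Bio::read() result, or -1 when rbuf has no space left; description names the message in debug output.`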