Merge branch 'ia/ssl/false-alerts/OTP-11890' into maint

* ia/ssl/false-alerts/OTP-11890: ssl: Add checks to avoid processing of illegal alerts
author: Ingela Anderton Andin <[email protected]> 2014-05-09 12:16:30 +0200
committer: Ingela Anderton Andin <[email protected]> 2014-05-09 12:16:30 +0200
commit: 726a6beccce6ff77d9c3910396b9680147accd12 (patch)
tree: dc94e5911e4c868c314e180ecd12425e37e42f9f /lib/ssl/src/tls_connection.erl
parent: 17a4fefd66da7e34775c5ddb9ac146816d5abd42 (diff)
parent: 6b483da9c102b1650ab103f78f57f9bd7c707781 (diff)
download: otp-726a6beccce6ff77d9c3910396b9680147accd12.tar.gz
otp-726a6beccce6ff77d9c3910396b9680147accd12.tar.bz2
otp-726a6beccce6ff77d9c3910396b9680147accd12.zip
1 files changed, 8 insertions, 14 deletions
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 930706cde6..32086ff6ce 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -362,20 +362,11 @@ encode_handshake(Handshake, Version, ConnectionStates0, Hist0) ->
         ssl_record:encode_handshake(Frag, Version, ConnectionStates0),
     {Encoded, ConnectionStates, Hist}.
 
-
 encode_change_cipher(#change_cipher_spec{}, Version, ConnectionStates) ->
     ssl_record:encode_change_cipher_spec(Version, ConnectionStates).
 
-
-
 decode_alerts(Bin) ->
-    decode_alerts(Bin, []).
-
-decode_alerts(<<?BYTE(Level), ?BYTE(Description), Rest/binary>>, Acc) ->
-    A = ?ALERT_REC(Level, Description),
-    decode_alerts(Rest, [A | Acc]);
-decode_alerts(<<>>, Acc) ->
-    lists:reverse(Acc, []).
+    ssl_alert:decode(Bin).
 
 initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
 	      {CbModule, DataTag, CloseTag, ErrorTag}) ->
@@ -420,10 +411,13 @@ next_state(Current,_, #alert{} = Alert, #state{negotiated_version = Version} = S
 next_state(_,Next, no_record, State) ->
     {next_state, Next, State, get_timeout(State)};
 
-next_state(_,Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, State) ->
-    Alerts = decode_alerts(EncAlerts),
-    handle_alerts(Alerts,  {next_state, Next, State, get_timeout(State)});
-
+next_state(Current, Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, #state{negotiated_version = Version} = State) ->
+    case decode_alerts(EncAlerts) of
+	Alerts = [_|_] ->
+	    handle_alerts(Alerts,  {next_state, Next, State, get_timeout(State)});
+	#alert{} = Alert ->
+	    handle_own_alert(Alert, Version, Current, State)
+    end;
 next_state(Current, Next, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
 	   State0 = #state{protocol_buffers =
 			       #protocol_buffers{tls_handshake_buffer = Buf0} = Buffers,
author	Ingela Anderton Andin <[email protected]>	2014-05-09 12:16:30 +0200
committer	Ingela Anderton Andin <[email protected]>	2014-05-09 12:16:30 +0200
commit	726a6beccce6ff77d9c3910396b9680147accd12 (patch)
tree	dc94e5911e4c868c314e180ecd12425e37e42f9f /lib/ssl/src/tls_connection.erl
parent	17a4fefd66da7e34775c5ddb9ac146816d5abd42 (diff)
parent	6b483da9c102b1650ab103f78f57f9bd7c707781 (diff)
download	otp-726a6beccce6ff77d9c3910396b9680147accd12.tar.gz otp-726a6beccce6ff77d9c3910396b9680147accd12.tar.bz2 otp-726a6beccce6ff77d9c3910396b9680147accd12.zip