mirror of
https://github.com/curl/curl.git
synced 2026-05-06 02:57:27 +03:00
4f42150d04
Prior to this change Curl_read_plain would attempt to read the
socket directly. On Windows that's a problem because recv data may be
cached by libcurl and that data is only drained using Curl_recv_plain.
Rather than rewrite Curl_read_plain to handle cached recv data, I
changed it to wrap Curl_recv_plain, in much the same way that
Curl_write_plain already wraps Curl_send_plain.
Curl_read_plain -> Curl_recv_plain
Curl_write_plain -> Curl_send_plain
This fixes a bug in the schannel backend where decryption of arbitrary
TLS records fails because cached recv data is never drained. We send
data (TLS records formed by Schannel) using Curl_write_plain, which
calls Curl_send_plain, and that may do a recv-before-send
("pre-receive") to cache received data. The code calls Curl_read_plain
to read data (TLS records from the server), which prior to this change
did not call Curl_recv_plain and therefore cached recv data wasn't
retrieved, resulting in malformed TLS records and decryption failure
(SEC_E_DECRYPT_FAILURE).
The bug has only been observed during Schannel TLS 1.3 handshakes. Refer
to the issue and PR for more information.
--
This is take 2 of the original fix. It preserves the original behavior
of Curl_read_plain to write 0 to the bytes read parameter on error,
since apparently some callers expect that (SOCKS tests were hanging).
The original fix which landed in
|
||
|---|---|---|
| .. | ||
| bearssl.c | ||
| bearssl.h | ||
| gskit.c | ||
| gskit.h | ||
| gtls.c | ||
| gtls.h | ||
| hostcheck.c | ||
| hostcheck.h | ||
| keylog.c | ||
| keylog.h | ||
| mbedtls.c | ||
| mbedtls.h | ||
| mbedtls_threadlock.c | ||
| mbedtls_threadlock.h | ||
| nss.c | ||
| nssg.h | ||
| openssl.c | ||
| openssl.h | ||
| rustls.c | ||
| rustls.h | ||
| schannel.c | ||
| schannel.h | ||
| schannel_verify.c | ||
| sectransp.c | ||
| sectransp.h | ||
| vtls.c | ||
| vtls.h | ||
| vtls_int.h | ||
| wolfssl.c | ||
| wolfssl.h | ||
| x509asn1.c | ||
| x509asn1.h | ||