On 28 Apr 2014, at 4:20 PM, Kurt Roeckx wrote: > To me this all sounds like an we end up in an inconsistent state. > > I'm expecting write(2) like behaviour of SSL_write().
You can request write(2)-like behavior from SSL_write() by setting SSL_MODE_ENABLE_PARTIAL_WRITE with SSL_CTX_set_mode(). However, this bug is one that occurs when the write(2)-like behavior is not set. I do think it would be reasonable to sanity-check 's->s3->wnum' against 'len' in ssl3_write()/ssl2_write(), perhaps duplicating ssl3_write_pending()'s error checks so that they happen before the underflow occurs. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org