crypto/tls: Fix c.in.decrypt error handling.

readRecord was not returning early if c.in.decrypt failed and ran through the rest of the function. It does set c.in.err, so the various checks in the callers do ultimately notice before acting on the result, but we should avoid running the rest of the function at all. Also rename 'err' to 'alertValue' since it isn't actually an error. Change-Id: I6660924716a85af704bd3fe81521b34766238695 Reviewed-on: https://go-review.googlesource.com/24709 Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>

crypto/tls: Fix c.in.decrypt error handling.
readRecord was not returning early if c.in.decrypt failed and ran through the rest of the function. It does set c.in.err, so the various checks in the callers do ultimately notice before acting on the result, but we should avoid running the rest of the function at all. Also rename 'err' to 'alertValue' since it isn't actually an error. Change-Id: I6660924716a85af704bd3fe81521b34766238695 Reviewed-on: https://go-review.googlesource.com/24709 Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
ab6ba994 · David Benjamin · Adam Langley · 01661612 · ab6ba994
Commit ab6ba994 authored Jul 01, 2016 by David Benjamin Committed by Adam Langley Sep 30, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

src/crypto/tls/conn.go src/crypto/tls/conn.go +3 -2

No files found.
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -632,9 +632,10 @@ Again:

 	// Process message.
 	b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
-	ok, off, err := c.in.decrypt(b)
+	ok, off, alertValue := c.in.decrypt(b)
 	if !ok {
-		c.in.setErrorLocked(c.sendAlert(err))
+		c.in.freeBlock(b)
+		return c.in.setErrorLocked(c.sendAlert(alertValue))
 	}
 	b.off = off
 	data := b.data[b.off:]