TLSEngine overflow patch has critical errors #71

@GoogleCodeExporter

What steps will reproduce the problem?
1. Send data that is larger than 16384 bytes


What is the expected output? What do you see instead?
The data should be packetized and sent without the receiving end sending any 
alerts. However, the receiving end (openssl in my case) sends an Alert 22 
(record overflow).

What version of the product are you using? On what operating system?
trunk, Mac, Windows, Linux

Please provide any additional information below.
The issue is that the original fix for the overflow doesn't clear the "rec" 
ByteArray after it writes to it. Additionally, that same array is used by 
sendRecord() to hold the payload. Subsequent uses of rec will contain old data. 
Please apply the patch (file attached) to fix the issue.

Original issue reported on code.google.com by joel.con...@gmail.com on 12 Jan 2012 at 8:53
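
The failure described in this report, as an added example that is not part of the original issue or the library's code: a simplified JavaScript model of a fragmenter that reuses one `rec` buffer, with and without clearing it, and a receiver that enforces the 16384-byte record limit. `GrowBuf`, `fragment`, `receive` and the body of `sendRecord` are hypothetical stand-ins, and the 20000-byte input is constructed.

```javascript
// Simplified model of the bug in this report; not the library's code.
// GrowBuf is a hypothetical stand-in for an append-style ByteArray.
const MAX_PLAINTEXT = 16384;  // 2^14, TLS record payload limit
const RECORD_OVERFLOW = 22;   // TLS alert description number

class GrowBuf {
  constructor() { this.bytes = []; }
  write(src, off, len) {
    for (let i = 0; i < len; i++) this.bytes.push(src[off + i]);
  }
  clear() { this.bytes.length = 0; }
}

// Hypothetical sendRecord: emits whatever the shared buffer currently holds.
function sendRecord(rec) {
  return Uint8Array.from(rec.bytes);
}

// Splits data into records of at most MAX_PLAINTEXT bytes. With
// clearAfterWrite=false the shared `rec` keeps earlier fragments, so each
// later record carries stale bytes in front of its own payload.
function fragment(data, clearAfterWrite) {
  const rec = new GrowBuf();  // one buffer reused for every record
  const records = [];
  for (let off = 0; off < data.length; off += MAX_PLAINTEXT) {
    const len = Math.min(MAX_PLAINTEXT, data.length - off);
    rec.write(data, off, len);
    records.push(sendRecord(rec));
    if (clearAfterWrite) rec.clear();
  }
  return records;
}

// Receiver-side length check: returns the alert number for the first
// oversized record, or 0 when every record is within the limit.
function receive(records) {
  for (const r of records) {
    if (r.length > MAX_PLAINTEXT) return RECORD_OVERFLOW;
  }
  return 0;
}

// Constructed input: 20000 bytes, just over one full record.
const data = Uint8Array.from({ length: 20000 }, (_, i) => i & 0xff);
const buggy = fragment(data, false);
const fixed = fragment(data, true);
console.log("no clear:", buggy.map(r => r.length), "alert", receive(buggy));
console.log("cleared: ", fixed.map(r => r.length), "alert", receive(fixed));
```
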
