From 01049f9c00f0a903d4923a054769ef9f2187bd21 Mon Sep 17 00:00:00 2001

From: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Date: Fri, 21 Nov 2014 20:18:08 +0100

Subject: [PATCH] treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial

 negotiation is complete

This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2

Reported by Dan Winship. https://savannah.gnu.org/support/?108690

---

 lib/gnutls_handshake.c | 11 ++++++++---

 lib/gnutls_record.c    |  2 +-

 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c

index 40d399c..e904f2e 100644

--- a/lib/gnutls_handshake.c

+++ b/lib/gnutls_handshake.c

@@ -2607,6 +2610,8 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)

 		/* EAGAIN and INTERRUPTED are always non-fatal */ \

 		if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \

 			return ret; \

+		if (ret == GNUTLS_E_GOT_APPLICATION_DATA && session->internals.initial_negotiation_completed != 0) \

+			return ret; \

 		if (ret == GNUTLS_E_LARGE_PACKET && session->internals.handshake_large_loops < 16) { \

 			session->internals.handshake_large_loops++; \

 			return ret; \

diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c

index 157d12a..40c20fe 100644

--- a/lib/gnutls_record.c

+++ b/lib/gnutls_record.c

@@ -837,7 +837,7 @@ record_add_to_buffers(gnutls_session_t session,

 			 * reasons). Otherwise it is an unexpected packet

 			 */

 			if (type == GNUTLS_ALERT

-			    || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO

+			    || ((htype == GNUTLS_HANDSHAKE_SERVER_HELLO || htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)

 				&& type == GNUTLS_HANDSHAKE)) {

 				/* even if data is unexpected put it into the buffer */

 				_gnutls_record_buffer_put(session, recv->type,

-- 

2.1.0