Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent failures on 2 subsequent warning alerts if S2N_ALERT_IGNORE_WARNINGS is set #2213

Merged
merged 1 commit into from Aug 10, 2020
Merged

Prevent failures on 2 subsequent warning alerts if S2N_ALERT_IGNORE_WARNINGS is set #2213

merged 1 commit into from Aug 10, 2020

Conversation

xonatius
Copy link
Contributor

@xonatius xonatius commented Aug 7, 2020

Description of changes:

Previously when mode was set to S2N_ALERT_IGNORE_WARNINGS and warning was ignored, we did not clean up the conn->alert_in buffer, so when we received a second warning we would fail the connection with S2N_ERR_ALERT_PRESENT at the beginning of s2n_process_alert_fragment function.

Call-outs:

One drawback is that we won't be able to fetch all warning alerts we received from the peer through s2n_connection_get_alert and only the fatal ones will get there. However, I think we can tackle that separately by introducing a different api to get multiple alerts.

Testing:

Extended existing unit test to send 2 alerts and check that connection still works in S2N_ALERT_IGNORE_WARNINGS mode. The test fails without the change.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@codecov-commenter
Copy link

codecov-commenter commented Aug 8, 2020
edited

Codecov Report

❗ No coverage uploaded for pull request base (main@41975db). Click here to learn what that means.
The diff coverage is 0.00%.

@@           Coverage Diff           @@
##             main    #2213   +/-   ##
=======================================
  Coverage        ?   83.54%           
=======================================
  Files           ?      249           
  Lines           ?    16611           
  Branches        ?        0           
=======================================
  Hits            ?    13877           
  Misses          ?     2734           
  Partials        ?        0

Impacted file tree graph

@xonatius
Prevent failures on 2 subsequent warning alerts if S2N_ALERT_IGNORE_W…
72b2ca0 
…ARNINGS is set

Previously when mode was set to S2N_ALERT_IGNORE_WARNINGS and warning
was ignored, we did not clean up the conn->alert_in buffer, so when we
received a second warning we would fail the connection with
S2N_ERR_ALERT_PRESENT at the beginning of s2n_process_alert_fragment
function.
@xonatius xonatius merged commit 89fa7ec into aws:main Aug 10, 2020
@zz85 zz85 mentioned this pull request Aug 11, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zz85 zz85 zz85 approved these changes

@baldwinmatt baldwinmatt baldwinmatt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@xonatius @codecov-commenter @zz85 @baldwinmatt