Closed Bug 1339923 Opened 3 years ago Closed 3 years ago

Assertion failure: IS_DTLS(ss) && (type == content_handshake || type == content_change_cipher_spec), at lib/ssl/ssl3con.c:2800 if ssl3_SendRecord needs to send more than MAX_FRAGMENT_LENGTH

Categories

(NSS :: Libraries, defect)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: keeler, Assigned: keeler)

Attachments

(1 obsolete file)

I encountered this while trying to get NSS (as a TLS server) to send a very large stapled OCSP response. Basically, looking at ssl3_SendRecord, if nIn > MAX_FRAGMENT_LENGTH, the loop will happen more than once. The first time around, cwSpec (which was passed in as NULL) gets set to ss->ssl3.cwSpec. The second time around, cwSpec is non-null so the assertion is checked and fails, since this isn't DTLS.
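The failure mode described in the report, as an added example that is not part of the original report and is not NSS code: a simplified C model of a fragmenting send loop in which a NULL argument is overwritten on the first pass and then mistaken for a caller-supplied value on the second. The struct layouts, function names, return convention and the `fixed` variant are assumptions made for illustration; the `fixed` variant is one possible remedy, not the patch that landed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the loop described in the report; NOT the NSS source.
 * Struct layouts, function names and the return convention are assumptions. */
#define MAX_FRAGMENT_LENGTH 16384 /* TLS plaintext record limit, 2^14 */
enum content_type { content_change_cipher_spec = 20, content_handshake = 22 };
struct spec { int epoch; };
struct sock { int is_dtls; struct spec *cwSpec; };

/* The condition inside the failing assertion. */
static int caller_spec_allowed(const struct sock *ss, enum content_type type) {
    return ss->is_dtls && (type == content_handshake || type == content_change_cipher_spec);
}

/* Returns the index of the fragment where the assertion would fire, or -1.
 * fixed == 0: the parameter doubles as loop state (behaviour in the report).
 * fixed == 1: the caller's argument is checked once, a local holds the spec. */
static int send_record_model(struct sock *ss, struct spec *cwSpec,
                             enum content_type type, size_t nIn, int fixed) {
    int fragment = 0;
    if (fixed && cwSpec && !caller_spec_allowed(ss, type)) return 0;
    while (nIn > 0) {
        size_t chunk = nIn < MAX_FRAGMENT_LENGTH ? nIn : MAX_FRAGMENT_LENGTH;
        if (fixed) {
            struct spec *use = cwSpec ? cwSpec : ss->cwSpec;
            (void)use;                 /* protecting `chunk` bytes would go here */
        } else if (cwSpec) {
            if (!caller_spec_allowed(ss, type)) return fragment; /* assertion fires */
        } else {
            cwSpec = ss->cwSpec;       /* NULL argument now looks caller-supplied */
        }
        nIn -= chunk;
        fragment++;
    }
    return -1;
}
/* Convenience wrapper: handshake record, caller passes cwSpec == NULL. */
int first_failing_fragment(int fixed, int is_dtls, size_t nIn) {
    struct spec current = { 1 };
    struct sock ss = { is_dtls, &current };
    return send_record_model(&ss, NULL, content_handshake, nIn, fixed);
}

int main(void) {
    printf("TLS, 1 fragment: %d, 2 fragments: %d\n",
           first_failing_fragment(0, 0, MAX_FRAGMENT_LENGTH),
           first_failing_fragment(0, 0, MAX_FRAGMENT_LENGTH + 1));
    return 0;
}
```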
Attached patch patch (obsolete) — Splinter Review
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8837792 - Flags: review?(franziskuskiefer)
Please post this on Phabricator at:
https://nss-review.dev.mozaws.net/

Also, please assign the review to me.
Comment on attachment 8837792 [details] [diff] [review]
patch

Ok - I signed up for an account (it says it's waiting for approval).
Attachment #8837792 - Attachment is obsolete: true
Attachment #8837792 - Flags: review?(franziskuskiefer)
If I'm understanding correctly, the patch in comment 4 has been r+'d.
Here's a try run: https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=104acddbed7c624a1d844392b25dbbcd3bca08a2
Tim, could you land this for me? Thanks!
Flags: needinfo?(ttaubert)
Yes, it has, sorry for not being clearer
Landed. Thanks!

https://hg.mozilla.org/projects/nss/rev/c1595e741e35
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Flags: needinfo?(ttaubert)
Resolution: --- → FIXED
Target Milestone: --- → 3.30