From: David Benjamin <davidben@google.com>
Date: Fri, 1 Jul 2016 20:41:09 +0000 (-0400)
Subject: crypto/tls: Fix c.in.decrypt error handling.
X-Git-Tag: go1.8beta1~1094
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=ab6ba99484b637bad0c5a5fa2c590834c14746c7;p=gostls13.git

crypto/tls: Fix c.in.decrypt error handling.

readRecord was not returning early if c.in.decrypt failed and ran
through the rest of the function. It does set c.in.err, so the various
checks in the callers do ultimately notice before acting on the result,
but we should avoid running the rest of the function at all.

Also rename 'err' to 'alertValue' since it isn't actually an error.

Change-Id: I6660924716a85af704bd3fe81521b34766238695
Reviewed-on: https://go-review.googlesource.com/24709
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
---

diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index 20b3d735ff..6fd486462f 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -632,9 +632,10 @@ Again:
 
 	// Process message.
 	b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
-	ok, off, err := c.in.decrypt(b)
+	ok, off, alertValue := c.in.decrypt(b)
 	if !ok {
-		c.in.setErrorLocked(c.sendAlert(err))
+		c.in.freeBlock(b)
+		return c.in.setErrorLocked(c.sendAlert(alertValue))
 	}
 	b.off = off
 	data := b.data[b.off:]