2008/12/29 Rob Shearman <robertshearman(a)gmail.com>:

2008/12/28 Henri Verbeet <hverbeet(a)gmail.com>:

...

+ while (received < data_size) + { + ret = pgnutls_record_recv(ctx->session, data + received, data_size - received); + if (ret < 0) + { + if (ret == GNUTLS_E_AGAIN) + { + if (!received)

Shouldn't this be "if (received == data_size)"?

...

+ { + pgnutls_perror(ret); + HeapFree(GetProcessHeap(), 0, data); + TRACE("Returning SEC_E_INCOMPLETE_MESSAGE\n"); + return SEC_E_INCOMPLETE_MESSAGE; + } + break; + } + else + { + pgnutls_perror(ret); + HeapFree(GetProcessHeap(), 0, data); + ERR("Returning SEC_E_INTERNAL_ERROR\n"); + return SEC_E_INTERNAL_ERROR; + } + } + received += ret; + }

The idea was to only return SEC_E_INCOMPLETE_MESSAGE if there's less than one complete TLS record in the buffer, it shouldn't be a problem to have eg. one complete message plus some bytes from the next one, setting the buffer size further down is supposed to take care of that.