Bug 753136 - Hard fail on extension failures draft
authorMartin Thomson <martin.thomson@gmail.com>
Sun, 01 Feb 2015 11:44:39 -0800
changeset 240371 e3ccfdaeb392655c1814dd781432aa7d43327ef0
parent 240370 8be1fdda9cb96b5495ca26fb727fd3ab95bc574c
child 505196 ea8f4aba91c8b311f60bc9b961d6e41c6d6f7479
push id529
push usermartin.thomson@gmail.com
push dateSun, 01 Feb 2015 19:45:19 +0000
bugs753136
milestone38.0a1
Bug 753136 - Hard fail on extension failures
security/nss/lib/ssl/ssl3ext.c
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -1890,19 +1890,19 @@ ssl3_HandleHelloExtensions(sslSocket *ss
             return SECFailure;
 
         /* find extension_type in table of Hello Extension Handlers */
         for (handler = handlers; handler->ex_type >= 0; handler++) {
             /* if found, call this handler */
             if (handler->ex_type == extension_type) {
                 rv = (*handler->ex_handler)(ss, (PRUint16)extension_type,
                                                         &extension_data);
-                /* Ignore this result */
-                /* Treat all bad extensions as unrecognized types. */
-                break;
+                if (rv != SECSuccess) {
+                    return rv;
+                }
             }
         }
     }
     return SECSuccess;
 }
 
 /* Add a callback function to the table of senders of server hello extensions.
  */