Import upstream version 5.1.3

1 files changed, 9 insertions, 8 deletions

diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 6b51e7593..6e2955814 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -218,14 +218,7 @@ METHOD(tls_t, process, status_t,
 	{
 		if (this->input.len == 0)
 		{
-			if (buflen < sizeof(tls_record_t))
-			{
-				DBG2(DBG_TLS, "received incomplete TLS record header");
-				memcpy(&this->head, buf, buflen);
-				this->headpos = buflen;
-				break;
-			}
-			while (TRUE)
+			while (buflen >= sizeof(tls_record_t))
 			{
 				/* try to process records inline */
 				record = buf;
@@ -252,6 +245,13 @@ METHOD(tls_t, process, status_t,
 					return NEED_MORE;
 				}
 			}
+			if (buflen < sizeof(tls_record_t))
+			{
+				DBG2(DBG_TLS, "received incomplete TLS record header");
+				memcpy(&this->head, buf, buflen);
+				this->headpos = buflen;
+				break;
+			}
 		}
 		len = min(buflen, this->input.len - this->inpos);
 		memcpy(this->input.ptr + this->inpos, buf, len);
@@ -447,6 +447,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
 		case TLS_PURPOSE_EAP_TTLS:
 		case TLS_PURPOSE_EAP_PEAP:
 		case TLS_PURPOSE_GENERIC:
+		case TLS_PURPOSE_GENERIC_NULLOK:
 			break;
 		default:
 			return NULL;