In ssl3_GatherData, the value of gs->inbuf.len was incorrect during the

GS_HEADER state.  It should be correct in all states.
In ssl_DestroyGather, prior to freeing the buffers, the code zeroed out
the ciphertext buffer.  It now zeros out the plaintext buffer instead.


git-svn-id: svn://10.0.0.236/trunk@83200 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/security/nss/lib/ssl/ssl3gthr.c

@@ -32,7 +32,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- * $Id: ssl3gthr.c,v 1.2 2000-10-07 02:22:22 nelsonb%netscape.com Exp $
+ * $Id: ssl3gthr.c,v 1.3 2000-12-02 00:53:59 nelsonb%netscape.com Exp $
  */
 
 #include "cert.h"
@@ -76,6 +76,7 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
 	gs->offset      = 0;
 	gs->writeOffset = 0;
 	gs->readOffset  = 0;
+	gs->inbuf.len   = 0;
     }
     
     lbp = gs->inbuf.buf;
@@ -108,8 +109,9 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
 	}
 
 	gs->offset    += nb;
-	gs->inbuf.len += nb;
 	gs->remainder -= nb;
+	if (gs->state == GS_DATA)
+	    gs->inbuf.len += nb;
 
 	/* if there's more to go, read some more. */
 	if (gs->remainder > 0) {

mozilla/security/nss/lib/ssl/sslgathr.c

@@ -32,7 +32,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- * $Id: sslgathr.c,v 1.1 2000-03-31 19:35:05 relyea%netscape.com Exp $
+ * $Id: sslgathr.c,v 1.2 2000-12-02 00:54:01 nelsonb%netscape.com Exp $
  */
 #include "cert.h"
 #include "ssl.h"
@@ -436,11 +436,9 @@ ssl_NewGather(void)
 void 
 ssl_DestroyGather(sslGather *gs)
 {
-    if (gs->inbuf.buf != NULL) {
-	PORT_ZFree(gs->inbuf.buf, gs->inbuf.len);
-    }
-    if (gs) {
-	PORT_Free(gs->buf.buf);
+    if (gs) {	/* the PORT_*Free functions check for NULL pointers. */
+	PORT_ZFree(gs->buf.buf, gs->buf.space);
+	PORT_Free(gs->inbuf.buf);
 	PORT_Free(gs);
     }
 }