Reverse logic for compression in ssl_cli.c

Change is_compression_ok() to is_compression_bad() for more semantics that are a better match for what's really going on in the case of no compression support. Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-08-07 06:42:56 +03:00 · 2022-11-07 16:33:57 +00:00
parent 08a37516ff
commit b410566ba7
1 changed files with 7 additions and 7 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2055,9 +2055,9 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */

-static int is_compression_ok( mbedtls_ssl_context *ssl, unsigned char comp )
+static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp )
 {
-    int accept_comp = 1;
+    int bad_comp = 0;

    /* Suppress warnings in some configurations */
    (void) ssl;
@@ -2065,17 +2065,17 @@ static int is_compression_ok( mbedtls_ssl_context *ssl, unsigned char comp )
    /* See comments in ssl_write_client_hello() */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        accept_comp = 0;
+        bad_comp = 1;
 #endif

    if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
        comp != MBEDTLS_SSL_COMPRESS_DEFLATE )
-        accept_comp = 0;
+        bad_comp = 1;
 #else /* MBEDTLS_ZLIB_SUPPORT */
    if( comp != MBEDTLS_SSL_COMPRESS_NULL )
-        accept_comp = 0;
+        bad_comp = 1;
 #endif/* MBEDTLS_ZLIB_SUPPORT */
-    return accept_comp;
+    return bad_comp;
 }

 MBEDTLS_CHECK_RETURN_CRITICAL
@@ -2254,7 +2254,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
     */
    comp = buf[37 + n];

-    if( !is_compression_ok( ssl, comp ) )
+    if( is_compression_bad( ssl, comp ) )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1,
            ( "server hello, bad compression: %d", comp ) );