From 42a6b04c4aefaacba6616d7c42c2e6dc15ffef4a Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 26 Jul 2019 07:25:20 +0100
Subject: [PATCH] Don't forget about pending alerts after ssl_get_next_record()

ssl_get_next_record() may pend fatal alerts in response to receiving invalid records. Previously, however, those were never actually sent because there was no code-path checking for pending alerts. This commit adds a call to ssl_send_pending_fatal_alert() after the invocation of ssl_get_next_record() to fix this.
---
 library/ssl_tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 601f81f68..0b86e3632 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5116,6 +5116,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
 if( ret != 0 )
 {
 MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret );
+ ssl_send_pending_fatal_alert( ssl );
 return( ret );
 }
 }
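Review bot: The call added before `return( ret );` discards whatever ssl_send_pending_fatal_alert() reports, so a failed alert write is visible neither to the caller nor in the debug output. The helper's definition is not in this hunk; if it returns a status, returning the original `ret` is still the right choice, but the intent deserves a comment such as `/* Best effort: report the record error, not the result of sending the alert. */`, and a failure could be logged with `MBEDTLS_SSL_DEBUG_RET`. The branch is taken for every non-zero `ret`, which presumably includes non-fatal "try again" results, so it is worth confirming that the helper does nothing when no alert is pending. mbedtls_ssl_read_record() starts and ends outside the hunk.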