Index: net/third_party/nss/ssl/dtlscon.c |
diff --git a/net/third_party/nss/ssl/dtlscon.c b/net/third_party/nss/ssl/dtlscon.c |
index 89315eee041b9a85eb5d9d18927e617d339789a4..1b21107094e8426c29b81662cbe32f7e1c613a70 100644 |
--- a/net/third_party/nss/ssl/dtlscon.c |
+++ b/net/third_party/nss/ssl/dtlscon.c |
@@ -104,9 +104,7 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) |
const ssl3CipherSuite * suite; |
for (suite = nonDTLSSuites; *suite; ++suite) { |
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); |
- |
- PORT_Assert(rv == SECSuccess); /* else is coding error */ |
+ PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); |
} |
return SECSuccess; |
} |
@@ -229,7 +227,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) |
#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ |
if (message_length > MAX_HANDSHAKE_MSG_LEN) { |
(void)ssl3_DecodeError(ss); |
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); |
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); |
return SECFailure; |
} |
#undef MAX_HANDSHAKE_MSG_LEN |
@@ -396,7 +394,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) |
* This avoids having to fill in the bitmask in the common |
* case of adjacent fragments received in sequence |
*/ |
- if (fragment_offset <= ss->ssl3.hs.recvdHighWater) { |
+ if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) { |
/* Either this is the adjacent fragment or an overlapping |
* fragment */ |
ss->ssl3.hs.recvdHighWater = fragment_offset + |
@@ -676,7 +674,7 @@ dtls_TransmitMessageFlight(sslSocket *ss) |
/* The reason we use 8 here is that that's the length of |
* the new DTLS data that we add to the header */ |
- fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), |
+ fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8), |
content_len - fragment_offset); |
PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); |
/* Make totally sure that we are within the buffer. |