cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-09 15:22:11 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #950 from paul-elliott-arm/fix_tls_record_size_check_2_28

Browse Source 
(Backport 2.28) Fix the wrong variable being used for TLS record size checks
This commit is contained in:
Manuel Pégourié-Gonnard 2022-07-01 12:29:43 +02:00 committed by GitHub
commit af36c76ce3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/fix_tls_record_size_check.txt Normal file
View File

@ -0,0 +1,4 @@
Bugfix
* Fix record sizes larger than 16384 being sometimes accepted despite being
non-compliant. This could not lead to a buffer overflow. In particular,
application data size was already checked correctly.

2
library/ssl_msg.c
View File

@ -3908,7 +3908,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
/* Check actual (decrypted) record content length against /* Check actual (decrypted) record content length against
* configured maximum. */ * configured maximum. */
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );