Don't fail on record with unexpected CID
This commit changes the stack's behaviour when facing a record with a non-matching CID. Previously, the stack failed in this case, while now we silently skip over the current record.
This commit is contained in:
parent
938489a1bc
commit
16ded98bef
1 changed files with 5 additions and 1 deletions
|
@ -2576,7 +2576,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||
if( rec->cid_len != transform->in_cid_len ||
|
||||
memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
/* Silently skip over record with mismatching CID. */
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CID */
|
||||
|
||||
|
@ -5095,6 +5096,9 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
|
|||
&rec ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
|
||||
if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
|
||||
ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue