Fix the wrong variable being used for TLS record size checks
Fix an issue whereby a variable was used to check the size of incoming TLS records against the configured maximum prior to it being set to the right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
parent a745c7d439
commit 668b31f210
2 changed files with 5 additions and 1 deletions
4
ChangeLog.d/fix_tls_record_size_check.txt
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
Bugfix
|
||||||
|
* Fix record sizes larger than 16384 being sometimes accepted despite being
|
||||||
|
non-compliant. This could not lead to a buffer overflow. In particular,
|
||||||
|
application data size was already checked correctly.
|
|
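Review bot: the entry does not say what the wrong check actually was; name it, e.g. "the check read `ssl->in_msglen` before it had been assigned instead of `rec->data_len`", so the changelog can be matched to the code change. The claim "This could not lead to a buffer overflow" is only justified for application data ("application data size was already checked correctly"); state what bounds a record of another content type that exceeds 16384 bytes, otherwise the security assessment in the entry is not verifiable from the entry itself.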
@ -3757,7 +3757,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
/* Check actual (decrypted) record content length against
|
/* Check actual (decrypted) record content length against
|
||||||
* configured maximum. */
|
* configured maximum. */
|
||||||
if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
|
if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
|
|
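Review bot: the change is only the one-line switch from `ssl->in_msglen` to `rec->data_len` and the two changed files are this function and the changelog, so there is no regression test; add one that presents a record whose decrypted content length exceeds MBEDTLS_SSL_IN_CONTENT_LEN and asserts that ssl_prepare_record_content() returns MBEDTLS_ERR_SSL_INVALID_RECORD, since the old code silently passed such records when `ssl->in_msglen` still held its earlier value. Please also confirm that the later assignment of `ssl->in_msglen` in this function is derived from `rec->data_len`, so the value that callers see cannot diverge from the value that was just checked.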