Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check

Fix the wrong variable being used for TLS record size checks

ChangeLog.d/fix_tls_record_size_check.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * Fix record sizes larger than 16384 being sometimes accepted despite being
+     non-compliant. This could not lead to a buffer overflow. In particular,
+     application data size was already checked correctly.

library/ssl_msg.c

@@ -3809,7 +3809,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
 
     /* Check actual (decrypted) record content length against
      * configured maximum. */
-    if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
+    if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
         return( MBEDTLS_ERR_SSL_INVALID_RECORD );