From a8814794e9e28047972ce49ee615440af6127b40 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jul 2019 15:01:45 +0100 Subject: [PATCH] Don't call ssl_fetch_input for record content fetch in DTLS As explained in the previous commit, if mbedtls_ssl_fetch_input() is called multiple times, all but the first call are equivalent to bounds checks in the incoming datagram. --- library/ssl_tls.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bae772a20..4c7f9d019 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5980,19 +5980,21 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) } /* - * Read and optionally decrypt the message contents + * Make sure the entire record contents are available. + * + * In TLS, this means fetching them from the underlying transport. + * In DTLS, it means checking that the incoming datagram is large enough. */ - if( ( ret = mbedtls_ssl_fetch_input( ssl, - mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); - } - - /* Done reading this record, get ready for the next one */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { + if( ssl->in_left < mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram too small to contain record." ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + + /* Remember offset of next record within datagram. */ ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl ); if( ssl->next_record_offset < ssl->in_left ) { @@ -6001,7 +6003,21 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) } else #endif + { + ret = mbedtls_ssl_fetch_input( ssl, + mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); + return( ret ); + } + ssl->in_left = 0; + } + + /* + * Decrypt record contents. + */ if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) {