Don't call ssl_fetch_input for record content fetch in DTLS
As explained in the previous commit, if mbedtls_ssl_fetch_input() is called multiple times, all but the first call are equivalent to bounds checks in the incoming datagram.
This commit is contained in:
parent
59be60e98b
commit
a8814794e9
1 changed files with 25 additions and 9 deletions
|
@ -5980,19 +5980,21 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Read and optionally decrypt the message contents
|
* Make sure the entire record contents are available.
|
||||||
|
*
|
||||||
|
* In TLS, this means fetching them from the underlying transport.
|
||||||
|
* In DTLS, it means checking that the incoming datagram is large enough.
|
||||||
*/
|
*/
|
||||||
if( ( ret = mbedtls_ssl_fetch_input( ssl,
|
|
||||||
mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Done reading this record, get ready for the next one */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
|
if( ssl->in_left < mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram too small to contain record." ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Remember offset of next record within datagram. */
|
||||||
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
|
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
|
||||||
if( ssl->next_record_offset < ssl->in_left )
|
if( ssl->next_record_offset < ssl->in_left )
|
||||||
{
|
{
|
||||||
|
@ -6001,7 +6003,21 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
{
|
||||||
|
ret = mbedtls_ssl_fetch_input( ssl,
|
||||||
|
mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
ssl->in_left = 0;
|
ssl->in_left = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Decrypt record contents.
|
||||||
|
*/
|
||||||
|
|
||||||
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
|
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue