Don't call ssl_fetch_input for record content fetch in DTLS

As explained in the previous commit, if mbedtls_ssl_fetch_input()
is called multiple times, all but the first call are equivalent to
bounds checks in the incoming datagram.
This commit is contained in:
Hanno Becker 2019-07-10 15:01:45 +01:00
parent 59be60e98b
commit a8814794e9

View file

@ -5980,19 +5980,21 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
} }
/* /*
* Read and optionally decrypt the message contents * Make sure the entire record contents are available.
*
* In TLS, this means fetching them from the underlying transport.
* In DTLS, it means checking that the incoming datagram is large enough.
*/ */
if( ( ret = mbedtls_ssl_fetch_input( ssl,
mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
}
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
if( ssl->in_left < mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram too small to contain record." ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
/* Remember offset of next record within datagram. */
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl ); ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
if( ssl->next_record_offset < ssl->in_left ) if( ssl->next_record_offset < ssl->in_left )
{ {
@ -6001,7 +6003,21 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
} }
else else
#endif #endif
{
ret = mbedtls_ssl_fetch_input( ssl,
mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
}
ssl->in_left = 0; ssl->in_left = 0;
}
/*
* Decrypt record contents.
*/
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
{ {