mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-28 00:21:48 +03:00
- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
This commit is contained in:
@ -880,6 +880,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
/*
|
||||
* Always compute the MAC (RFC4346, CBCTIME).
|
||||
*/
|
||||
if( ssl->in_msglen <= ssl->maclen + padlen )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
|
||||
ssl->in_msglen, ssl->maclen, padlen ) );
|
||||
return( POLARSSL_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
|
||||
ssl->in_msglen -= ( ssl->maclen + padlen );
|
||||
|
||||
ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
|
||||
|
Reference in New Issue
Block a user