Fix the wrong variable being used for TLS record size checks

Fix an issue whereby a variable was used to check the size of incoming TLS records against the configured maximum prior to it being set to the right value. Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2025-07-28 00:21:48 +03:00 · 2022-06-10 14:11:31 +01:00
parent a745c7d439
commit 668b31f210
2 changed files with 5 additions and 1 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -3757,7 +3757,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,

    /* Check actual (decrypted) record content length against
     * configured maximum. */
-    if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
+    if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
        return( MBEDTLS_ERR_SSL_INVALID_RECORD );