mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Merge remote-tracking branch 'restricted/pr/403' into development-restricted
* restricted/pr/403: Correct record header size in case of TLS Don't allocate space for DTLS header if DTLS is disabled Improve debugging output Adapt ChangeLog Add run-time check for handshake message size in ssl_write_record Add run-time check for record content size in ssl_encrypt_buf Add compile-time checks for size of record content and payload
This commit is contained in:
@ -1268,6 +1268,14 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
if( ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
|
||||
(unsigned) ssl->out_msglen,
|
||||
MBEDTLS_SSL_MAX_CONTENT_LEN ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
/*
|
||||
* Add MAC before if needed
|
||||
*/
|
||||
@ -2733,6 +2741,15 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
/* Make room for the additional DTLS fields */
|
||||
if( MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen < 8 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
|
||||
"size %u, maximum %u",
|
||||
(unsigned) ( ssl->in_hslen - 4 ),
|
||||
(unsigned) ( MBEDTLS_SSL_MAX_CONTENT_LEN - 12 ) ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
|
||||
ssl->out_msglen += 8;
|
||||
len += 8;
|
||||
|
Reference in New Issue
Block a user