lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-25 02:02:03 +03:00
Code Activity

Add run-time check for record content size in ssl_encrypt_buf

Browse Source
This commit is contained in:
Hanno Becker
2017-09-18 10:55:31 +01:00
parent a8434e8f95
commit d33f1ca34c
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
library/ssl_tls.c
View File

@ -1268,6 +1268,13 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
ssl->out_msg, ssl->out_msglen );
if( ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content too large, maximum %d",
MBEDTLS_SSL_MAX_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/*
* Add MAC before if needed
*/