From d417cc945cf9dd6aad9e6cfca710187cf1fb537e Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 26 Jul 2019 08:20:27 +0100
Subject: [PATCH] Reintroduce length 0 check for records

---
 library/ssl_tls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3e0552c4ec..a9c099c1fb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5109,6 +5109,9 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
     rec->buf     = buf;
     rec->buf_len = rec->data_offset + rec->data_len;
 
+    if( rec->data_len == 0 )
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+
     /*
      * DTLS-related tests.
      * Check epoch before checking length constraint because