Add run-time check for handshake message size in ssl_write_record

This commit is contained in:
Hanno Becker 2017-09-18 10:55:54 +01:00
parent aede183630
commit 0983dc49d6

View file

@ -2731,6 +2731,15 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
/* Make room for the additional DTLS fields */ /* Make room for the additional DTLS fields */
if( MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen < 8 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
"size %u, maximum %u",
(unsigned) ( ssl->in_hslen - 4 ),
(unsigned) ( MBEDTLS_SSL_MAX_CONTENT_LEN - 12 ) ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 ); memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
ssl->out_msglen += 8; ssl->out_msglen += 8;
len += 8; len += 8;