From 485b3930c93da4e0dc5d291ca94b89c434bb9bb5 Mon Sep 17 00:00:00 2001
From: Angus Gratton <angus@espressif.com>
Date: Tue, 19 Jun 2018 15:58:22 +1000
Subject: [PATCH] TLSv1.2: Treat zero-length fragments as invalid, unless they
 are application data

TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
don't mention zero-length fragments at all).
---
 library/ssl_tls.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d751aa36b..03600f87e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2034,6 +2034,16 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
 
     if( ssl->in_msglen == 0 )
     {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
+            && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+        {
+            /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
         ssl->nb_zero++;
 
         /*