mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-24 15:41:07 +00:00
TLSv1.2: Treat zero-length fragments as invalid, unless they are application data
TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards don't mention zero-length fragments at all).
This commit is contained in:
parent
1226dd7715
commit
485b3930c9
|
@ -2034,6 +2034,16 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
if( ssl->in_msglen == 0 )
|
if( ssl->in_msglen == 0 )
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
|
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
|
||||||
|
&& ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
|
||||||
|
{
|
||||||
|
/* TLS v1.2 explicitly disallows zero-length messages which are not application data */
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
ssl->nb_zero++;
|
ssl->nb_zero++;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
Loading…
Reference in a new issue