yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 05:25:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

TLSv1.2: Treat zero-length fragments as invalid, unless they are application data

Browse source 
TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards
don't mention zero-length fragments at all).
This commit is contained in:
Angus Gratton 2018-06-19 15:58:22 +10:00 committed by Andres Amaya Garcia
parent 1226dd7715
commit 485b3930c9
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
library/ssl_tls.c
View file

@ -2034,6 +2034,16 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
if( ssl->in_msglen == 0 ) if( ssl->in_msglen == 0 )
{ {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3
&& ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
/* TLS v1.2 explicitly disallows zero-length messages which are not application data */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
ssl->nb_zero++; ssl->nb_zero++;
/* /*