yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-12 19:35:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Expain rationale for handling of consecutive empty AD records

Browse source
This commit is contained in:
Hanno Becker 2019-05-08 10:38:32 +01:00
parent 78c430269b
commit 70463dbb2d
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
library/ssl_tls.c
View file

@ -4659,8 +4659,10 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
if( ssl->nb_zero > 3 ) if( ssl->nb_zero > 3 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
"messages, possible DoS attack" ) ); "messages, possible DoS attack" ) );
/* Q: Is that the right error code? */ /* Treat the records as if they were not properly authenticated,
* thereby failing the connection if we see more than allowed
* by the configured bad MAC threshold. */
return( MBEDTLS_ERR_SSL_INVALID_MAC ); return( MBEDTLS_ERR_SSL_INVALID_MAC );
} }
} }