Check length before reading handshake header

include/polarssl/ssl.h

@@ -784,7 +784,8 @@ struct _ssl_context
                                      (equal to in_left if none)       */
 #endif
 
-    size_t in_hslen;            /*!< current handshake message length */
+    size_t in_hslen;            /*!< current handshake message length,
+                                     including the handshake header   */
     int nb_zero;                /*!< # of 0-length encrypted messages */
     int record_read;            /*!< record is already present        */
 
@@ -1948,6 +1949,17 @@ static inline size_t ssl_hdr_len( const ssl_context *ssl )
     return( 5 );
 }
 
+static inline size_t ssl_hs_hdr_len( const ssl_context *ssl )
+{
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+        return( 12 );
+#else
+    ((void) ssl);
+#endif
+    return( 4 );
+}
+
 /* constant-time buffer comparison */
 static inline int safer_memcmp( const void *a, const void *b, size_t n )
 {

library/ssl_tls.c

@@ -2338,10 +2338,16 @@ static int ssl_reassemble_dtls_handshake( ssl_context *ssl )
 
 static int ssl_prepare_handshake_record( ssl_context *ssl )
 {
-    ssl->in_hslen  = ssl->transport == SSL_TRANSPORT_DATAGRAM ? 12 : 4;
+    if( ssl->in_msglen < ssl_hs_hdr_len( ssl ) )
-    ssl->in_hslen += ( ssl->in_msg[1] << 16 ) |
+    {
-                     ( ssl->in_msg[2] << 8  ) |
+        SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
-                       ssl->in_msg[3];
+                            ssl->in_msglen ) );
+    }
+
+    ssl->in_hslen = ssl_hs_hdr_len( ssl ) + (
+                    ( ssl->in_msg[1] << 16 ) |
+                    ( ssl->in_msg[2] << 8  ) |
+                      ssl->in_msg[3] );
 
     SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
                         " %d, type = %d, hslen = %d",