Add run-time check for record content size in ssl_encrypt_buf

This commit is contained in:
Hanno Becker 2017-09-18 10:55:31 +01:00
parent a8434e8f95
commit d33f1ca34c

View file

@ -1268,6 +1268,13 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
ssl->out_msg, ssl->out_msglen );
if( ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content too large, maximum %d",
MBEDTLS_SSL_MAX_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/*
* Add MAC before if needed
*/