From e538d8287e31e70e20002c3a3256a0994b236f18 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jul 2019 14:50:10 +0100 Subject: [PATCH] Move size-check for DTLS record header with CID to DTLS-only branch --- library/ssl_tls.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 204fa43e4..14a5a49ee 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4924,6 +4924,18 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) * fixed in the configuration. */ ssl->in_len = ssl->in_cid + ssl->conf->cid_len; ssl->in_iv = ssl->in_msg = ssl->in_len + 2; + + /* Now that the total length of the record header is known, ensure + * that the current datagram is large enough to hold it. + * This would fail, for example, if we received a datagram of + * size 13 + n Bytes where n is less than the size of incoming CIDs. + */ + ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); + return( ret ); + } } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -4955,16 +4967,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - /* Now that the total length of the record header is known, ensure - * that the current datagram is large enough to hold it. - * This would fail, for example, if we received a datagram of - * size 13 + n Bytes where n is less than the size of incoming CIDs. */ - ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); - } MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) ); /* Parse and validate record length