From f661c9c39cf75fa2f2c233dbc8d736fed7faae1d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 3 May 2019 13:25:54 +0100 Subject: [PATCH] Add helper function to check validity of record content type With the introduction of the CID feature, the stack needs to be able to handle a change of record content type during record protection, which in particular means that the record content type check will need to move or be duplicated. This commit introduces a tiny static helper function which checks the validity of record content types, which hopefully makes it easier to subsequently move or duplicate this check. --- library/ssl_tls.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1192d24d9..8c3c74d23 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4793,6 +4793,19 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ +static int ssl_check_record_type( uint8_t record_type ) +{ + if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE && + record_type != MBEDTLS_SSL_MSG_ALERT && + record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && + record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA ) + { + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + + return( 0 ); +} + /* * ContentType type; * ProtocolVersion version; @@ -4828,10 +4841,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) major_ver, minor_ver, ssl->in_msglen ) ); /* Check record type */ - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT && - ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) + if( ssl_check_record_type( ssl->in_msgtype ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );