Check for invalid short Alert messages

(Short Change Cipher Spec & Handshake messages are already checked for.)
2025-11-04 09:35:00 +00:00 · 2018-06-20 15:43:50 +10:00 · 2018-06-20 15:43:50 +10:00 · fd1c5e8453
parent 485b3930c9
commit fd1c5e8453
2 changed files with 12 additions and 0 deletions
--- a/2
+++ b/2
@ -20,6 +20,8 @@ Bugfix
     seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek
     (#1632) and by Conor Murphy on the forum. Fix contributed by Espressif
     Systems.
+   * Fail when receiving a TLS alert message with an invalid length, or invalid
+     zero-length messages when using TLS 1.2. Contributed by Espressif Systems.

 Changes
   * Change the shebang line in Perl scripts to look up perl in the PATH.
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4071,6 +4071,16 @@ read_record_header:

    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
    {
+        if( ssl->in_msglen != 2 )
+        {
+            /* Note: Standard allows for more than one 2 byte alert
+               to be packed in a single message, but Mbed TLS doesn't
+               currently support this. */
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
+                           ssl->in_msglen ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+
        MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
                       ssl->in_msg[0], ssl->in_msg[1] ) );