yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 18:05:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Check for invalid short Alert messages

Browse Source 
(Short Change Cipher Spec & Handshake messages are already checked for.)
This commit is contained in:
Angus Gratton 2018-06-20 15:43:50 +10:00 committed by Simon Butcher
parent 34817929ea
commit 1a7a17e548
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -39,6 +39,8 @@ Bugfix
seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek
(#1632) and by Conor Murphy on the forum. Fix contributed by Espressif (#1632) and by Conor Murphy on the forum. Fix contributed by Espressif
Systems. Systems.
* Fail when receiving a TLS alert message with an invalid length, or invalid
zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
Changes Changes
* Change the shebang line in Perl scripts to look up perl in the PATH. * Change the shebang line in Perl scripts to look up perl in the PATH.

10
library/ssl_tls.c
View File

@ -4187,6 +4187,16 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
{ {
if( ssl->in_msglen != 2 )
{
/* Note: Standard allows for more than one 2 byte alert
to be packed in a single message, but Mbed TLS doesn't
currently support this. */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
ssl->in_msglen ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
ssl->in_msg[0], ssl->in_msg[1] ) ); ssl->in_msg[0], ssl->in_msg[1] ) );