mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 09:54:14 +01:00
Expain rationale for handling of consecutive empty AD records
This commit is contained in:
parent
76a79ab4a2
commit
6e7700df17
@ -5081,8 +5081,10 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
|
|||||||
if( ssl->nb_zero > 3 )
|
if( ssl->nb_zero > 3 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
|
||||||
"messages, possible DoS attack" ) );
|
"messages, possible DoS attack" ) );
|
||||||
/* Q: Is that the right error code? */
|
/* Treat the records as if they were not properly authenticated,
|
||||||
|
* thereby failing the connection if we see more than allowed
|
||||||
|
* by the configured bad MAC threshold. */
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user