diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2b5775339..c7f8e4858 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5813,19 +5813,21 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) } /* - * Read and optionally decrypt the message contents + * Make sure the entire record contents are available. + * + * In TLS, this means fetching them from the underlying transport. + * In DTLS, it means checking that the incoming datagram is large enough. */ - if( ( ret = mbedtls_ssl_fetch_input( ssl, - mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); - } - - /* Done reading this record, get ready for the next one */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { + if( ssl->in_left < mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram too small to contain record." ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + + /* Remember offset of next record within datagram. */ ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl ); if( ssl->next_record_offset < ssl->in_left ) { @@ -5833,12 +5835,24 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) } } MBEDTLS_SSL_TRANSPORT_ELSE -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_PROTO_TLS) { + ret = mbedtls_ssl_fetch_input( ssl, + mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); + return( ret ); + } + ssl->in_left = 0; } -#endif +#endif /* MBEDTLS_SSL_PROTO_TLS */ + + /* + * Decrypt record contents. + */ if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) {