mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 18:05:37 +01:00
Check for invalid short Alert messages
(Short Change Cipher Spec & Handshake messages are already checked for.)
This commit is contained in:
parent
485b3930c9
commit
fd1c5e8453
@ -20,6 +20,8 @@ Bugfix
|
|||||||
seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek
|
seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek
|
||||||
(#1632) and by Conor Murphy on the forum. Fix contributed by Espressif
|
(#1632) and by Conor Murphy on the forum. Fix contributed by Espressif
|
||||||
Systems.
|
Systems.
|
||||||
|
* Fail when receiving a TLS alert message with an invalid length, or invalid
|
||||||
|
zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Change the shebang line in Perl scripts to look up perl in the PATH.
|
* Change the shebang line in Perl scripts to look up perl in the PATH.
|
||||||
|
@ -4071,6 +4071,16 @@ read_record_header:
|
|||||||
|
|
||||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
|
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
|
||||||
{
|
{
|
||||||
|
if( ssl->in_msglen != 2 )
|
||||||
|
{
|
||||||
|
/* Note: Standard allows for more than one 2 byte alert
|
||||||
|
to be packed in a single message, but Mbed TLS doesn't
|
||||||
|
currently support this. */
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
|
||||||
|
ssl->in_msglen ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
|
||||||
ssl->in_msg[0], ssl->in_msg[1] ) );
|
ssl->in_msg[0], ssl->in_msg[1] ) );
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user