diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-06 15:13:25 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-06 20:07:40 +0000 |
commit | 432196951390796cf2353de2d92f952f1deaa9d0 (patch) | |
tree | a2f7e71198546e1298e11b21b17c752b3bf58361 /ssl/record | |
parent | febb0afaef47ed74b2bdbde0b4278263390f4185 (diff) |
Tweak the TLSv1.3 record overflow limits
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861)
Diffstat (limited to 'ssl/record')
-rw-r--r-- | ssl/record/ssl3_record.c | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 4149969f2d..1e281fc19f 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -340,6 +340,25 @@ int ssl3_get_record(SSL *s) /* now s->rlayer.rstate == SSL_ST_READ_BODY */ } + if (SSL_IS_TLS13(s)) { + if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + goto f_err; + } + } else { + size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH; + + if (s->expand == NULL) + len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; + + if (thisrr->length > len) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + goto f_err; + } + } + /* * s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data. * Calculate how much more data we need to read for the rest of the @@ -388,13 +407,6 @@ int ssl3_get_record(SSL *s) * thisrr->length bytes of encrypted compressed stuff. */ - /* check is not needed I believe */ - if (thisrr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; - } - /* decrypt in place in 'thisrr->input' */ thisrr->data = thisrr->input; thisrr->orig_len = thisrr->length; |