diff options
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/statem/statem_dtls.c | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index de2de09796..043f41b724 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -388,6 +388,20 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len) return 1; } +/* + * dtls1_max_handshake_message_len returns the maximum number of bytes + * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but + * may be greater if the maximum certificate list size requires it. + */ +static unsigned long dtls1_max_handshake_message_len(const SSL *s) +{ + unsigned long max_len = + DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < (unsigned long)s->max_cert_list) + return s->max_cert_list; + return max_len; +} + static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) { size_t frag_off, frag_len, msg_len; @@ -397,15 +411,16 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) frag_len = msg_hdr->frag_len; /* sanity checking */ - if ((frag_off + frag_len) > msg_len) { + if ((frag_off + frag_len) > msg_len + || msg_len > dtls1_max_handshake_message_len(s)) { SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); return SSL_AD_ILLEGAL_PARAMETER; } if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */ /* - * msg_len is limited to 2^24, but is effectively checked against max - * above + * msg_len is limited to 2^24, but is effectively checked against + * dtls_max_handshake_message_len(s) above */ if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); @@ -493,20 +508,6 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) return 0; } -/* - * dtls1_max_handshake_message_len returns the maximum number of bytes - * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but - * may be greater if the maximum certificate list size requires it. - */ -static unsigned long dtls1_max_handshake_message_len(const SSL *s) -{ - unsigned long max_len = - DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) - return s->max_cert_list; - return max_len; -} - static int dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) { |