feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

internal.c: don't check TLS13 plaintext limit twice

Browse Source 
Plaintext size is checked before decryption in TLS 1.3
This commit is contained in:
Marco Oliverio
2022-05-10 12:39:11 +02:00
parent 0c7e9a0104
commit 445c1e6ceb
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/internal.c
View File

@ -17410,7 +17410,9 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
}
else
#endif
if (ssl->buffers.inputBuffer.length -
/* TLS13 plaintext limit is checked earlier before decryption */
if (!IsAtLeastTLSv1_3(ssl->version)
&& ssl->buffers.inputBuffer.length -
ssl->keys.padSz -
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ
#ifdef WOLFSSL_ASYNC_CRYPT