Merge pull request #2687 from ejohnstown/dtls-cap

DTLS Handshake Message Cap
This commit is contained in:
toddouska
2019-12-18 13:50:52 -08:00
committed by GitHub

View File

@ -12380,6 +12380,14 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
return PARSE_ERROR; return PARSE_ERROR;
} }
/* Cap the maximum size of a handshake message to something reasonable.
* By default is the maximum size of a certificate message assuming
* nine 2048-bit RSA certificates in the chain. */
if (size > MAX_HANDSHAKE_SZ) {
WOLFSSL_MSG("Handshake message too large");
return HANDSHAKE_SIZE_ERROR;
}
/* check that we have complete fragment */ /* check that we have complete fragment */
if (*inOutIdx + fragSz > totalSz) { if (*inOutIdx + fragSz > totalSz) {
WOLFSSL_ERROR(INCOMPLETE_DATA); WOLFSSL_ERROR(INCOMPLETE_DATA);