Merge pull request #2687 from ejohnstown/dtls-cap
DTLS Handshake Message Cap
@ -12380,6 +12380,14 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
return PARSE_ERROR;
|
return PARSE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Cap the maximum size of a handshake message to something reasonable.
|
||||||
|
* By default is the maximum size of a certificate message assuming
|
||||||
|
* nine 2048-bit RSA certificates in the chain. */
|
||||||
|
if (size > MAX_HANDSHAKE_SZ) {
|
||||||
|
WOLFSSL_MSG("Handshake message too large");
|
||||||
|
return HANDSHAKE_SIZE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
/* check that we have complete fragment */
|
/* check that we have complete fragment */
|
||||||
if (*inOutIdx + fragSz > totalSz) {
|
if (*inOutIdx + fragSz > totalSz) {
|
||||||
WOLFSSL_ERROR(INCOMPLETE_DATA);
|
WOLFSSL_ERROR(INCOMPLETE_DATA);
|
||||||
|
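Review bot: The new cap bounds only the declared message length `size`; nothing in the visible lines checks that the fragment offset plus `fragSz` stays within `size`, so the reassembly bound still relies on checks outside this hunk, presumably the header parsing above that returns PARSE_ERROR, which is worth confirming. The rejection path logs through WOLFSSL_MSG only, while the check right after it reports with `WOLFSSL_ERROR(INCOMPLETE_DATA);`, so adding `WOLFSSL_ERROR(HANDSHAKE_SIZE_ERROR);` before the return would put oversized-message rejections in the same error log where they can be monitored. The comment would read better if it named the macro, for example `/* MAX_HANDSHAKE_SZ defaults to the size of a certificate message holding nine 2048-bit RSA certificates. */`, and if it stated whether the value can be overridden at build time, since the definition is not shown here. The body of DoDtlsHandShakeMsg starts and ends outside the hunk.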