feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2305 from SparkiDev/doalert_fix

Browse Source 
Better handling of alerts
This commit is contained in:
toddouska
2019-07-08 12:50:26 -07:00
committed by GitHub
parent 60d6d71636 7d2ac604f5
commit 74324bb1b5
1 changed files with 20 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/internal.c
View File

@ -12919,6 +12919,7 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
{ {
byte level; byte level;
byte code; byte code;
word32 dataSz = totalSz - *inOutIdx;
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
if (ssl->hsInfoOn) if (ssl->hsInfoOn)
@ -12930,14 +12931,16 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
READ_PROTO, ssl->heap); READ_PROTO, ssl->heap);
#endif #endif
if (++ssl->options.alertCount >= WOLFSSL_ALERT_COUNT_MAX) { if (IsEncryptionOn(ssl, 0))
WOLFSSL_MSG("Alert count exceeded"); dataSz -= ssl->keys.padSz;
return ALERT_COUNT_E;
}
/* make sure can read the message */ /* make sure can read the message */
if (*inOutIdx + ALERT_SIZE > totalSz) if (dataSz != ALERT_SIZE) {
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, unexpected_message);
#endif
return BUFFER_E; return BUFFER_E;
}
level = input[(*inOutIdx)++]; level = input[(*inOutIdx)++];
code = input[(*inOutIdx)++]; code = input[(*inOutIdx)++];
@ -12948,6 +12951,15 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
ssl->options.isClosed = 1; /* Don't send close_notify */ ssl->options.isClosed = 1; /* Don't send close_notify */
} }
if (++ssl->options.alertCount >= WOLFSSL_ALERT_COUNT_MAX) {
WOLFSSL_MSG("Alert count exceeded");
#ifdef WOLFSSL_EXTRA_ALERTS
if (level != alert_warning || code != close_notify)
SendAlert(ssl, alert_fatal, unexpected_message);
#endif
return ALERT_COUNT_E;
}
WOLFSSL_MSG("Got alert"); WOLFSSL_MSG("Got alert");
if (*type == close_notify) { if (*type == close_notify) {
WOLFSSL_MSG("\tclose notify"); WOLFSSL_MSG("\tclose notify");
@ -12955,18 +12967,15 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
} }
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (*type == decode_error) { if (*type == decode_error) {
WOLFSSL_MSG(" decode error"); WOLFSSL_MSG("\tdecode error");
} }
if (*type == illegal_parameter) { if (*type == illegal_parameter) {
WOLFSSL_MSG(" illegal parameter"); WOLFSSL_MSG("\tillegal parameter");
} }
#endif #endif
WOLFSSL_ERROR(*type); WOLFSSL_ERROR(*type);
if (IsEncryptionOn(ssl, 0)) { if (IsEncryptionOn(ssl, 0))
if (*inOutIdx + ssl->keys.padSz > totalSz)
return BUFFER_E;
*inOutIdx += ssl->keys.padSz; *inOutIdx += ssl->keys.padSz;
}
return level; return level;
} }