fix: GetDtls13RecordHeader:requires correct minimum size

2022-09-20 09:29:13 +02:00
parent a36604079b
commit 804081e7c2
3 changed files with 10 additions and 10 deletions
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -90,8 +90,6 @@ typedef struct Dtls13RecordPlaintextHeader {

 /* size of the len field in the unified header */
 #define DTLS13_LEN_SIZE 2
-/* size of the mask used to encrypt/decrypt Record Number  */
-#define DTLS13_RN_MASK_SIZE 16
 /* size of the flags in the unified header */
 #define DTLS13_HDR_FLAGS_SIZE 1
 /* size of the sequence number wher SEQ_LEN_BIT is present */
--- a/src/internal.c
+++ b/src/internal.c
@@ -10176,13 +10176,15 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx,
    if (ret != 0)
        return ret;

-    if (readSize < ssl->dtls13CurRlLength) {
+    if (readSize < ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE) {
        /* when using DTLS over a medium that does not guarantee that a full
         * message is received in a single read, we may end up without the full
-         * header */
-        ret = GetInputData(ssl, ssl->dtls13CurRlLength - readSize);
+         * header and minimum ciphertext to decrypt record sequence numbers */
+        ret = GetInputData(ssl, ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE);
        if (ret != 0)
            return ret;
+
+        readSize = ssl->buffers.inputBuffer.length - *inOutIdx;
    }

    ret = Dtls13ParseUnifiedRecordLayer(ssl,
@@ -10234,11 +10236,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
 #endif

 #ifdef WOLFSSL_DTLS13
-    word32 read_size;
    int ret;

-    read_size = ssl->buffers.inputBuffer.length - *inOutIdx;
-
    if (Dtls13IsUnifiedHeader(*(ssl->buffers.inputBuffer.buffer + *inOutIdx))) {

        /* version 1.3 already negotiated */
@@ -10263,8 +10262,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,

    /* not a unified header, check that we have at least
     * DTLS_RECORD_HEADER_SZ */
-    if (read_size < DTLS_RECORD_HEADER_SZ) {
-        ret = GetInputData(ssl, DTLS_RECORD_HEADER_SZ - read_size);
+    if (ssl->buffers.inputBuffer.length - *inOutIdx < DTLS_RECORD_HEADER_SZ) {
+        ret = GetInputData(ssl, DTLS_RECORD_HEADER_SZ);
        if (ret != 0)
            return LENGTH_ERROR;
    }
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -4640,6 +4640,9 @@ typedef enum EarlyDataState {

 #ifdef WOLFSSL_DTLS13

+/* size of the mask used to encrypt/decrypt Record Number  */
+#define DTLS13_RN_MASK_SIZE 16
+
 typedef struct Dtls13UnifiedHdrInfo {
    word16 recordLength;
    byte seqLo;