From d61af5d9ae6a77fba3bee2144611fcafd0ba990f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es?=
Date: Thu, 18 Sep 2014 21:21:26 -0300
Subject: [PATCH] adds record_overflow alert used by max_fragment_length tls extension.
---
 cyassl/ssl.h | 1 +
 src/internal.c | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 601223272..4209d0317 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -159,6 +159,7 @@ enum AlertDescription {
 close_notify = 0,
 unexpected_message = 10,
 bad_record_mac = 20,
+ record_overflow = 22,
 decompression_failure = 30,
 handshake_failure = 40,
 no_certificate = 41,
diff --git a/src/internal.c b/src/internal.c
index 7eff0ec14..23584c642 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3021,8 +3021,10 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
 /* record layer length check */
 #ifdef HAVE_MAX_FRAGMENT
- if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
+ if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
+ SendAlert(ssl, alert_fatal, record_overflow);
 return LENGTH_ERROR;
+ }
 #else
 if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
 return LENGTH_ERROR;
@@ -3933,8 +3935,10 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
 *inOutIdx += OPAQUE24_LEN;
 #ifdef HAVE_MAX_FRAGMENT
- if (listSz > ssl->max_fragment)
+ if (listSz > ssl->max_fragment) {
+ SendAlert(ssl, alert_fatal, record_overflow);
 return BUFFER_E;
+ }
 #else
 if (listSz > MAX_RECORD_SIZE)
 return BUFFER_E;
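Review bot: The `#else` branch of the record layer length check still returns `LENGTH_ERROR` without telling the peer, so a build without `HAVE_MAX_FRAGMENT` rejects an oversized record silently while a build with it sends `record_overflow`. The alert describes any over-long record, not only one that exceeds a negotiated fragment length, so adding `SendAlert(ssl, alert_fatal, record_overflow);` before the second `return LENGTH_ERROR;` (with braces) would keep both builds consistent. The return value of `SendAlert` is discarded in the new branch; that looks deliberate because `LENGTH_ERROR` is returned either way, but a comment such as `/* best effort: the length error is reported regardless */` would make the intent explicit. If this path can also be reached for datagram transports, where malformed records are usually dropped without a reply, it is worth confirming that a fatal alert is wanted there. GetRecordHeader starts and ends outside the hunk.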
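Review bot: `listSz` in DoCertificate is the length of the certificate list taken from the handshake message, not the length of a record, so `record_overflow` reports something other than what the check measured. A peer whose records all respect the negotiated fragment size could still trip this branch with a long chain, and the alert would point its operator at the wrong layer; a handshake-level description such as the `handshake_failure` value already in `AlertDescription` may fit better. If `record_overflow` is intentional, a comment like `/* a certificate list larger than one fragment is not supported */` above the check would explain it. As in GetRecordHeader, the `#else` branch still returns `BUFFER_E` with no alert. DoCertificate starts and ends outside the hunk.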