From df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 27 Apr 2020 15:27:02 +1000
Subject: [PATCH] In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row
---
 src/internal.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index fbdbb13a0..e7d67ff85 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -15157,6 +15157,7 @@ int ProcessReply(WOLFSSL* ssl)
 }
 else {
 #ifdef WOLFSSL_TLS13
+ ssl->msgsReceived.got_change_cipher = 0;
 ret = DoTls13HandShakeMsg(ssl,
 ssl->buffers.inputBuffer.buffer,
 &ssl->buffers.inputBuffer.idx,
@@ -15219,6 +15220,13 @@ int ProcessReply(WOLFSSL* ssl)
 return UNKNOWN_RECORD_TYPE;
 }
 ssl->buffers.inputBuffer.idx++;
+ if (!ssl->msgsReceived.got_change_cipher) {
+ ssl->msgsReceived.got_change_cipher = 1;
+ }
+ else {
+ SendAlert(ssl, alert_fatal, illegal_parameter);
+ return UNKNOWN_RECORD_TYPE;
+ }
 break;
 }
 #endif
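Review bot: The reset of `got_change_cipher` in the first hunk runs before `DoTls13HandShakeMsg` is called, so the flag is cleared for every handshake record, including one that the call then rejects or, if fragments arrive in separate records, one that holds only part of a message. In that case a ChangeCipherSpec between two fragments would be accepted again, although RFC 8446 section 5.1 forbids other record types between fragments; whether that is caught elsewhere is not visible from this hunk. Consider clearing the flag only after a complete handshake message has been processed successfully, and document the intent with a comment such as `/* A handshake message ends any run of ChangeCipherSpec records. */`. The body of ProcessReply starts and ends outside the hunk.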
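Review bot: The rejection path in the second hunk returns `UNKNOWN_RECORD_TYPE`, the same code the preceding check uses, so a repeated ChangeCipherSpec cannot be told apart from a malformed record in logs or by callers. A dedicated code would make the condition visible to detection and triage, for example `return DUPLICATE_MSG_E;`, assuming that is how the library reports duplicate messages elsewhere. The alert description is worth a second look as well: RFC 8446 section 5 uses `unexpected_message` for the ChangeCipherSpec records it rejects, so `illegal_parameter` may not match what peers expect. The enclosing case starts outside the hunk, so whether this path is limited to TLS 1.3 connections cannot be confirmed from the visible lines.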