check DTLS sequence number against window a little earlier
@@ -3374,6 +3374,11 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_DTLS
|
||||||
|
if (ssl->options.dtls && !DtlsCheckWindow(&ssl->keys.dtls_state))
|
||||||
|
return SEQUENCE_ERROR;
|
||||||
|
#endif
|
||||||
|
|
||||||
/* catch version mismatch */
|
/* catch version mismatch */
|
||||||
if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){
|
if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){
|
||||||
if (ssl->options.side == WOLFSSL_SERVER_END &&
|
if (ssl->options.side == WOLFSSL_SERVER_END &&
|
||||||
@@ -3395,13 +3400,6 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WOLFSSL_DTLS
|
|
||||||
if (ssl->options.dtls) {
|
|
||||||
if (DtlsCheckWindow(&ssl->keys.dtls_state) != 1)
|
|
||||||
return SEQUENCE_ERROR;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* record layer length check */
|
/* record layer length check */
|
||||||
#ifdef HAVE_MAX_FRAGMENT
|
#ifdef HAVE_MAX_FRAGMENT
|
||||||
if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
|
if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
|
||||||
|
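Review bot: The relocated guard in GetRecordHeader tests `!DtlsCheckWindow(&ssl->keys.dtls_state)`, whereas the block removed in the second hunk tested `DtlsCheckWindow(&ssl->keys.dtls_state) != 1`; the two agree only if the function returns strictly 0 or 1. DtlsCheckWindow is defined outside this page, so if it can return any other non-zero value (a negative error code, for instance), the new form would treat that record as inside the replay window and keep processing it. Keeping the stricter comparison, `if (ssl->options.dtls && DtlsCheckWindow(&ssl->keys.dtls_state) != 1)`, preserves the fail-closed behaviour. A short comment such as `/* reject replayed or too-old DTLS records before the version check */` would also record why the order matters. GetRecordHeader starts and ends outside both hunks.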