wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 03:07:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7638 from gasbytes/patch

Browse Source 
added check if the buf is at least RECORD_HEADER_SZ
This commit is contained in:
Daniel Pouzzner
2024-06-13 14:27:40 -04:00
committed by GitHub
parent 897d55f060 88527a3d6e
commit 385a097646
1 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/quic.c
View File

@ -188,7 +188,7 @@ static word32 add_rec_header(byte* output, word32 length, byte type)
return RECORD_HEADER_SZ; return RECORD_HEADER_SZ;
} }
static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz) static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
{ {
word32 len = qr->end - qr->start; word32 len = qr->end - qr->start;
word32 offset = 0; word32 offset = 0;
@ -197,6 +197,12 @@ static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
if (len <= 0) { if (len <= 0) {
return 0; return 0;
} }
/* We check if the buf is at least RECORD_HEADER_SZ */
if (sz < RECORD_HEADER_SZ) {
return -1;
}
if (qr->rec_hdr_remain == 0) { if (qr->rec_hdr_remain == 0) {
/* start a new TLS record */ /* start a new TLS record */
rlen = (qr->len <= (word32)MAX_RECORD_SIZE) ? rlen = (qr->len <= (word32)MAX_RECORD_SIZE) ?
@ -218,7 +224,7 @@ static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
qr->start += len; qr->start += len;
qr->rec_hdr_remain -= len; qr->rec_hdr_remain -= len;
} }
return len + offset; return (sword32)(len + offset);
} }
@ -766,7 +772,7 @@ cleanup:
/* Called internally when SSL wants a certain amount of input. */ /* Called internally when SSL wants a certain amount of input. */
int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz) int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
{ {
word32 n = 0; sword32 n = 0;
int transferred = 0; int transferred = 0;
WOLFSSL_ENTER("wolfSSL_quic_receive"); WOLFSSL_ENTER("wolfSSL_quic_receive");
@ -774,6 +780,11 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
n = 0; n = 0;
if (ssl->quic.input_head) { if (ssl->quic.input_head) {
n = quic_record_transfer(ssl->quic.input_head, buf, sz); n = quic_record_transfer(ssl->quic.input_head, buf, sz);
/* record too small to be fit into a RecordLayerHeader struct. */
if (n == -1) {
return -1;
}
if (quic_record_done(ssl->quic.input_head)) { if (quic_record_done(ssl->quic.input_head)) {
QuicRecord* qr = ssl->quic.input_head; QuicRecord* qr = ssl->quic.input_head;
ssl->quic.input_head = qr->next; ssl->quic.input_head = qr->next;
@ -791,7 +802,7 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
ssl->error = transferred = WANT_READ; ssl->error = transferred = WANT_READ;
goto cleanup; goto cleanup;
} }
sz -= n; sz -= (word32)n;
buf += n; buf += n;
transferred += (int)n; transferred += (int)n;
} }