wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

internal.c: don't check TLS13 plaintext limit twice

Browse Source 
Plaintext size is checked before decryption in TLS 1.3
This commit is contained in:
Marco Oliverio
2022-05-10 12:39:11 +02:00
parent 0c7e9a0104
commit 445c1e6ceb
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/internal.c
View File

@@ -17410,7 +17410,9 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
} }
else else
#endif #endif
if (ssl->buffers.inputBuffer.length - /* TLS13 plaintext limit is checked earlier before decryption */
if (!IsAtLeastTLSv1_3(ssl->version)
&& ssl->buffers.inputBuffer.length -
ssl->keys.padSz - ssl->keys.padSz -
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT