wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

internal.c: fix: plaintext check account for the current record only

Browse Source
This commit is contained in:
Marco Oliverio
2022-05-10 12:49:18 +02:00
parent db23d8a0cf
commit f06ac9965c
1 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/internal.c
View File

@@ -17398,10 +17398,9 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) { if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) {
if ((ssl->buffers.inputBuffer.length - if ((ssl->curSize -
ssl->keys.padSz - ssl->keys.padSz -
MacSize(ssl) - MacSize(ssl) > MAX_PLAINTEXT_SZ)
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ)
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->buffers.inputBuffer.length != && ssl->buffers.inputBuffer.length !=
ssl->buffers.inputBuffer.idx ssl->buffers.inputBuffer.idx
@@ -17418,9 +17417,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
#endif #endif
/* TLS13 plaintext limit is checked earlier before decryption */ /* TLS13 plaintext limit is checked earlier before decryption */
if (!IsAtLeastTLSv1_3(ssl->version) if (!IsAtLeastTLSv1_3(ssl->version)
&& ssl->buffers.inputBuffer.length - && ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ
ssl->keys.padSz -
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
&& ssl->buffers.inputBuffer.length != && ssl->buffers.inputBuffer.length !=
ssl->buffers.inputBuffer.idx ssl->buffers.inputBuffer.idx