Unconditionally validate TLS 1.2 ciphertext size in ProcessReply F-1476

This commit is contained in:
Juliusz Sosinowicz
2026-04-03 10:03:17 +02:00
parent f28fd3746b
commit f2b9e3d654
+3 -7
View File
@@ -23005,9 +23005,7 @@ default:
}
if (IsEncryptionOn(ssl, 0)) {
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
int tooLong = 0;
#endif
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) {
@@ -23017,18 +23015,16 @@ default:
MAX_TLS13_PLAIN_SZ;
}
}
else
#endif
#ifdef WOLFSSL_EXTRA_ALERTS
if (!IsAtLeastTLSv1_3(ssl->version))
{
tooLong = ssl->curSize > MAX_TLS_CIPHER_SZ;
#endif
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
}
if (tooLong) {
WOLFSSL_MSG("Encrypted data too long");
SendAlert(ssl, alert_fatal, record_overflow);
return BUFFER_ERROR;
}
#endif
}
ssl->keys.padSz = 0;