mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 09:20:49 +02:00
Unconditionally validate TLS 1.2 ciphertext size in ProcessReply F-1476
This commit is contained in:
+3
-7
@@ -23005,9 +23005,7 @@ default:
|
||||
}
|
||||
|
||||
if (IsEncryptionOn(ssl, 0)) {
|
||||
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
|
||||
int tooLong = 0;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||
@@ -23017,18 +23015,16 @@ default:
|
||||
MAX_TLS13_PLAIN_SZ;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
if (!IsAtLeastTLSv1_3(ssl->version))
|
||||
{
|
||||
tooLong = ssl->curSize > MAX_TLS_CIPHER_SZ;
|
||||
#endif
|
||||
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
|
||||
}
|
||||
if (tooLong) {
|
||||
WOLFSSL_MSG("Encrypted data too long");
|
||||
SendAlert(ssl, alert_fatal, record_overflow);
|
||||
return BUFFER_ERROR;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
ssl->keys.padSz = 0;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user