diff options
| -rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index af4e7f2454..7093da48a7 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_record_layer.c,v 1.51 2020/08/10 18:54:45 tb Exp $ */ | 1 | /* $OpenBSD: tls13_record_layer.c,v 1.52 2020/08/11 19:25:40 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -576,8 +576,11 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) | |||
| 576 | inner_len = out_len - 1; | 576 | inner_len = out_len - 1; |
| 577 | while (inner_len >= 0 && content[inner_len] == 0) | 577 | while (inner_len >= 0 && content[inner_len] == 0) |
| 578 | inner_len--; | 578 | inner_len--; |
| 579 | if (inner_len < 0) | 579 | if (inner_len < 0) { |
| 580 | /* Unexpected message per RFC 8446 section 5.4. */ | ||
| 581 | rl->alert = TLS13_ALERT_UNEXPECTED_MESSAGE; | ||
| 580 | goto err; | 582 | goto err; |
| 583 | } | ||
| 581 | if (inner_len > TLS13_RECORD_MAX_PLAINTEXT_LEN) { | 584 | if (inner_len > TLS13_RECORD_MAX_PLAINTEXT_LEN) { |
| 582 | rl->alert = SSL_AD_RECORD_OVERFLOW; | 585 | rl->alert = SSL_AD_RECORD_OVERFLOW; |
| 583 | goto err; | 586 | goto err; |