summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libssl/tls13_record_layer.c24
1 files changed, 21 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 5e6f8e1e5b..6c48c93f08 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_record_layer.c,v 1.47 2020/05/29 17:54:58 jsing Exp $ */ 1/* $OpenBSD: tls13_record_layer.c,v 1.48 2020/06/01 07:59:49 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -52,6 +52,9 @@ struct tls13_record_layer {
52 size_t wrec_appdata_len; 52 size_t wrec_appdata_len;
53 size_t wrec_content_len; 53 size_t wrec_content_len;
54 54
55 /* Alert to be sent on return from current read handler. */
56 uint8_t alert;
57
55 /* Pending alert messages. */ 58 /* Pending alert messages. */
56 uint8_t *alert_data; 59 uint8_t *alert_data;
57 size_t alert_len; 60 size_t alert_len;
@@ -504,6 +507,11 @@ tls13_record_layer_open_record_plaintext(struct tls13_record_layer *rl)
504 if (!tls13_record_content(rl->rrec, &cbs)) 507 if (!tls13_record_content(rl->rrec, &cbs))
505 return 0; 508 return 0;
506 509
510 if (CBS_len(&cbs) > TLS13_RECORD_MAX_PLAINTEXT_LEN) {
511 rl->alert = SSL_AD_RECORD_OVERFLOW;
512 return 0;
513 }
514
507 tls13_record_layer_rbuf_free(rl); 515 tls13_record_layer_rbuf_free(rl);
508 516
509 if (!CBS_stow(&cbs, &rl->rbuf, &rl->rbuf_len)) 517 if (!CBS_stow(&cbs, &rl->rbuf, &rl->rbuf_len))
@@ -548,8 +556,10 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl)
548 CBS_data(&header), CBS_len(&header))) 556 CBS_data(&header), CBS_len(&header)))
549 goto err; 557 goto err;
550 558
551 if (out_len > TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN) 559 if (out_len > TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN) {
560 rl->alert = SSL_AD_RECORD_OVERFLOW;
552 goto err; 561 goto err;
562 }
553 563
554 if (!tls13_record_layer_inc_seq_num(rl->read_seq_num)) 564 if (!tls13_record_layer_inc_seq_num(rl->read_seq_num))
555 goto err; 565 goto err;
@@ -565,8 +575,10 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl)
565 content_len--; 575 content_len--;
566 if (content_len < 0) 576 if (content_len < 0)
567 goto err; 577 goto err;
568 if (content_len > TLS13_RECORD_MAX_PLAINTEXT_LEN) 578 if (content_len > TLS13_RECORD_MAX_PLAINTEXT_LEN) {
579 rl->alert = SSL_AD_RECORD_OVERFLOW;
569 goto err; 580 goto err;
581 }
570 content_type = content[content_len]; 582 content_type = content[content_len];
571 583
572 tls13_record_layer_rbuf_free(rl); 584 tls13_record_layer_rbuf_free(rl);
@@ -995,6 +1007,9 @@ tls13_record_layer_peek(struct tls13_record_layer *rl, uint8_t content_type,
995 ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 1); 1007 ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
996 } while (ret == TLS13_IO_WANT_RETRY); 1008 } while (ret == TLS13_IO_WANT_RETRY);
997 1009
1010 if (rl->alert != 0)
1011 return tls13_send_alert(rl, rl->alert);
1012
998 return ret; 1013 return ret;
999} 1014}
1000 1015
@@ -1008,6 +1023,9 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
1008 ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 0); 1023 ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
1009 } while (ret == TLS13_IO_WANT_RETRY); 1024 } while (ret == TLS13_IO_WANT_RETRY);
1010 1025
1026 if (rl->alert != 0)
1027 return tls13_send_alert(rl, rl->alert);
1028
1011 return ret; 1029 return ret;
1012} 1030}
1013 1031
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 08:11:11 +0000