-rw-r--r-- | src/lib/libssl/tls13_record_layer.c | 23 |
1 files changed, 12 insertions, 11 deletions
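--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.64 2021/09/16 19:25:30 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.65 2021/12/15 17:57:45 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -528,8 +528,7 @@ tls13_record_layer_open_record_plaintext(struct tls13_record_layer *rl)
 static int
 tls13_record_layer_open_record_protected(struct tls13_record_layer *rl)
 {
-CBS header, enc_record;
-ssize_t inner_len;
+CBS header, enc_record, inner;
 uint8_t *content = NULL;
 size_t content_len = 0;
 uint8_t content_type;
@@ -571,22 +570,24 @@ tls13_record_layer_open_record_protected(struct tls13_record_layer *rl)
 * it may be followed by padding that consists of one or more zeroes.
 * Time to hunt for that elusive content type!
 */
-/* XXX - CBS from end? CBS_get_end_u8()? */
-inner_len = out_len - 1;
-while (inner_len >= 0 && content[inner_len] == 0)
-inner_len--;
-if (inner_len < 0) {
+CBS_init(&inner, content, out_len);
+content_type = 0;
+while (CBS_get_last_u8(&inner, &content_type)) {
+if (content_type != 0)
+break;
+}
+if (content_type == 0) {
 /* Unexpected message per RFC 8446 section 5.4. */
 rl->alert = TLS13_ALERT_UNEXPECTED_MESSAGE;
 goto err;
 }
-if (inner_len > TLS13_RECORD_MAX_PLAINTEXT_LEN) {
+if (CBS_len(&inner) > TLS13_RECORD_MAX_PLAINTEXT_LEN) {
 rl->alert = TLS13_ALERT_RECORD_OVERFLOW;
 goto err;
 }
-content_type = content[inner_len];
 
-tls_content_set_data(rl->rcontent, content_type, content, inner_len);
+tls_content_set_data(rl->rcontent, content_type, CBS_data(&inner),
+CBS_len(&inner));
 
 return 1;
 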
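Review bot: The final `tls_content_set_data(rl->rcontent, content_type, CBS_data(&inner), CBS_len(&inner))` call now passes a pointer taken from the CBS rather than `content` itself, so the buffer handoff is only right while `CBS_get_last_u8()` trims from the tail and leaves the data pointer at the start of the allocation, as its use here implies. Assuming `rl->rcontent` takes over the buffer at this point (the function returns 1 straight after, and the `err` path is outside the hunk), I would either keep `content` as the data argument or state the invariant with `/* inner only shrinks from the tail, so CBS_data(&inner) == content. */`. The padding scan also depends on `content_type = 0;` being set before the loop, since that is what sends an empty or all-zero inner plaintext to the unexpected_message alert; a one-line comment on that initialiser would stop a later cleanup from removing it. The function continues past the last visible hunk.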