mirror of https://github.com/wolfSSL/wolfssl.git
Drop DTLS packets with bogus minor version number
Marco Oliverio
parent
6790c95e94
commit
22f41a8dbb
|
|
@ -11788,6 +11788,10 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
|
|||
*inOutIdx += ENUM_LEN + VERSION_SZ;
|
||||
ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch);
|
||||
|
||||
if (rh->pvMajor == DTLS_MAJOR && rh->pvMinor == DTLS_BOGUS_MINOR) {
|
||||
return SEQUENCE_ERROR;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_DTLS_CID
|
||||
if (rh->type == dtls12_cid && (cidSz = DtlsGetCidRxSize(ssl)) == 0)
|
||||
return DTLS_CID_ERROR;
|
||||
|
|
|
|||
|
|
@ -68023,6 +68023,7 @@ TEST_CASE testCases[] = {
|
|||
TEST_DECL(test_wolfSSL_dtls_cid_parse),
|
||||
TEST_DECL(test_dtls13_epochs),
|
||||
TEST_DECL(test_dtls13_ack_order),
|
||||
TEST_DECL(test_dtls_version_checking),
|
||||
TEST_DECL(test_ocsp_status_callback),
|
||||
TEST_DECL(test_ocsp_basic_verify),
|
||||
TEST_DECL(test_ocsp_response_parsing),
|
||||
|
|
|
|||
|
|
@ -727,3 +727,52 @@ int test_dtls13_ack_order(void)
|
|||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
int test_dtls_version_checking(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS)
|
||||
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
|
||||
struct test_memio_ctx test_ctx;
|
||||
|
||||
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||
|
||||
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
|
||||
wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method),
|
||||
0);
|
||||
|
||||
/* CH */
|
||||
ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
|
||||
ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
|
||||
WOLFSSL_ERROR_WANT_READ);
|
||||
|
||||
/* modify CH DTLS header to have version 1.1 (0xfe, 0xfe) */
|
||||
ExpectIntGE(test_ctx.s_len, 3);
|
||||
if (EXPECT_SUCCESS()) {
|
||||
test_ctx.s_buff[1] = 0xfe;
|
||||
test_ctx.s_buff[2] = 0xfe;
|
||||
}
|
||||
|
||||
ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR);
|
||||
ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
|
||||
WOLFSSL_ERROR_WANT_READ);
|
||||
/* server should drop the message */
|
||||
ExpectIntEQ(test_ctx.c_len, 0);
|
||||
|
||||
wolfSSL_free(ssl_c);
|
||||
ssl_c = wolfSSL_new(ctx_c);
|
||||
ExpectNotNull(ssl_c);
|
||||
wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx);
|
||||
wolfSSL_SetIOReadCtx(ssl_c, &test_ctx);
|
||||
|
||||
/* try again */
|
||||
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
||||
|
||||
wolfSSL_free(ssl_c);
|
||||
wolfSSL_CTX_free(ctx_c);
|
||||
wolfSSL_free(ssl_s);
|
||||
wolfSSL_CTX_free(ctx_s);
|
||||
#endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_DTLS */
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,5 +27,6 @@ int test_dtls13_basic_connection_id(void);
|
|||
int test_wolfSSL_dtls_cid_parse(void);
|
||||
int test_dtls13_epochs(void);
|
||||
int test_dtls13_ack_order(void);
|
||||
int test_dtls_version_checking(void);
|
||||
|
||||
#endif /* TESTS_API_DTLS_H */
|
||||
|
|
|
|||
Loading…
Reference in New Issue