From 5d5aa129ca2ee85c6ec0f444ac7b2fb89786f479 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 20 Jul 2020 16:14:53 -0700
Subject: [PATCH] When attempting to send a message with DTLS, if it is too large, return an error rather than splitting it across records. (ZD 10602)

---
 src/internal.c | 13 +++++++++----
 wolfssl/error-ssl.h | 1 +
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 36eed125f..39af97f69 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -17709,9 +17709,11 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
 len = wolfSSL_GetMaxRecordSize(ssl, sz - sent);
-#ifdef WOLFSSL_DTLS
- if (IsDtlsNotSctpMode(ssl)) {
- len = min(len, MAX_UDP_SIZE);
+#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK)
+ if (ssl->options.dtls && (len < sz - sent)) {
+ ssl->error = DTLS_SIZE_ERROR;
+ WOLFSSL_ERROR(ssl->error);
+ return ssl->error;
 }
 #endif
 buffSz = len;
@@ -18439,6 +18441,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 case TLS13_SECRET_CB_E:
 return "TLS1.3 Secret Callback Error";
+ case DTLS_SIZE_ERROR:
+ return "DTLS trying to send too much in single datagram error";
+
 default :
 return "unknown error number";
 }
@@ -29977,7 +29982,7 @@ int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
 }
 #endif /* HAVE_MAX_FRAGMENT */
 #ifdef WOLFSSL_DTLS
- if ((ssl->options.dtls) && (maxFragment > MAX_UDP_SIZE)) {
+ if (IsDtlsNotSctpMode(ssl) && (maxFragment > MAX_UDP_SIZE)) {
 maxFragment = MAX_UDP_SIZE;
 }
 #endif
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 9b44326e7..9478242aa 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
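Review bot: The new guard in SendData keys on `ssl->options.dtls`, while the third hunk of this file narrows the MAX_UDP_SIZE clamp in wolfSSL_GetMaxRecordSize to `IsDtlsNotSctpMode(ssl)`, so the two conditions no longer describe the same transport: for DTLS over SCTP the datagram clamp is gone, yet any other cap that leaves `len < sz - sent` (a negotiated max fragment length, or the record limit) now surfaces as DTLS_SIZE_ERROR instead of the multi-record send that SCTP mode was previously allowed to perform. If the "too much in a single datagram" error is meant only for the UDP transport, the condition should mirror the helper: `if (IsDtlsNotSctpMode(ssl) && (len < sz - sent)) {`. The check is also wrapped in a new `WOLFSSL_NO_DTLS_SIZE_CHECK` macro that the patch does not document anywhere; a short comment above the `#if`, such as `/* Define WOLFSSL_NO_DTLS_SIZE_CHECK to let oversized DTLS writes be split across records (pre-existing behaviour) instead of failing with DTLS_SIZE_ERROR */`, would tell integrators what they are opting out of (I am inferring that effect from the removed lines; please confirm). SendData's send loop begins and ends outside the hunk, so whether an earlier pending-write path can reach this point with `sent` already advanced is not visible here.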
@@ -167,6 +167,7 @@ enum wolfSSL_ErrorCodes {
 CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */
 SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */
 TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */
+ DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
 /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */