From 5e03ac13f6c2e1c8f32f8a09bdbd49f1403a1e71 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 16 Jan 2019 15:52:03 -0800
Subject: [PATCH] TLS Record Fragment Size Check Change
Fixed a potential bug with respect to processing fragmented handshake messages. If a handshake message is fragmented across multiple TLS records and the last fragment's record has the next handshake message in it, we would throw a buffer error instead of processing the next message. Changed this so it will finish the handshake message and return out to process the next message. Also changed the handling of the handshake message to follow the calling pattern.
---
 src/internal.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 87266bf19..af78a14c7 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10953,11 +10953,14 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
 }
 else {
- if (inputLength + ssl->arrays->pendingMsgOffset
- > ssl->arrays->pendingMsgSz) {
+ word32 pendSz =
+ ssl->arrays->pendingMsgSz - ssl->arrays->pendingMsgOffset;
- return BUFFER_ERROR;
- }
+ /* Catch the case where there may be the remainder of a fragmented
+ * handshake message and the next handshake message in the same
+ * record. */
+ if (inputLength > pendSz)
+ inputLength = pendSz;
 XMEMCPY(ssl->arrays->pendingMsg + ssl->arrays->pendingMsgOffset,
 input + *inOutIdx, inputLength);
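Review bot: The new `pendSz` is an unsigned `word32` difference, so if `pendingMsgOffset` were ever greater than `pendingMsgSz` it would wrap to a large value and the clamp ahead of `XMEMCPY` would bound nothing. The removed comparison returned `BUFFER_ERROR` in that state, whereas the new code relies on an invariant that is set where the pending buffer is allocated, outside this hunk. I would keep an explicit guard before the subtraction, `if (ssl->arrays->pendingMsgOffset > ssl->arrays->pendingMsgSz) return BUFFER_ERROR;`, and brace the clamp as `if (inputLength > pendSz) { inputLength = pendSz; }`. `DoHandShakeMsg` begins and ends outside the hunk, so how `inputLength` is derived from the record could not be checked here.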
@@ -10966,13 +10969,11 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 if (ssl->arrays->pendingMsgOffset == ssl->arrays->pendingMsgSz)
 {
- word32 idx = 0;
+ word32 idx = HANDSHAKE_HEADER_SZ;
 ret = DoHandShakeMsgType(ssl,
- ssl->arrays->pendingMsg
- + HANDSHAKE_HEADER_SZ,
+ ssl->arrays->pendingMsg,
 &idx, ssl->arrays->pendingMsgType,
- ssl->arrays->pendingMsgSz
- - HANDSHAKE_HEADER_SZ,
+ ssl->arrays->pendingMsgSz - idx,
 ssl->arrays->pendingMsgSz);
 #ifdef WOLFSSL_ASYNC_CRYPT
 if (ret == WC_PENDING_E) {
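Review bot: The call site does not explain why `idx` now starts at `HANDSHAKE_HEADER_SZ` while the buffer argument is the start of `pendingMsg`, and that pairing looks security-relevant. With `totalSz` equal to `pendingMsgSz`, any index-versus-`totalSz` check inside `DoHandShakeMsgType` presumably now measures from the true start of the allocation instead of from a pointer already advanced past the header. A comment above the call would keep a later refactor from undoing that, for example `/* pendingMsg holds header + body: pass the buffer start with idx past the header so totalSz bounds the whole allocation */`. `pendingMsgSz - idx` is also an unsigned subtraction, so it depends on `pendingMsgSz` being at least `HANDSHAKE_HEADER_SZ`, which is established outside this hunk. The enclosing block continues past the hunk into the `WOLFSSL_ASYNC_CRYPT` branch.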