From be65f26dd27acdbc76802040e9a85e0600e4089d Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 14 Dec 2016 13:07:06 -0800
Subject: [PATCH] If there is a badly formed handshake message with extra data
 at the end, but the correct size with the extra data, send a decode_error
 alert and fail the handshake.

---
 src/internal.c      | 15 ++++++++++++++-
 wolfssl/error-ssl.h |  1 +
 wolfssl/ssl.h       |  1 +
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index a62c1e634..7e364c9b8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7649,7 +7649,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                           byte type, word32 size, word32 totalSz)
 {
     int ret = 0;
-    (void)totalSz;
+    word32 expectedIdx;
 
     WOLFSSL_ENTER("DoHandShakeMsgType");
 
@@ -7657,6 +7657,9 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     if (*inOutIdx + size > totalSz)
         return INCOMPLETE_DATA;
 
+    expectedIdx = *inOutIdx + size +
+                  (ssl->keys.encryptionOn ? ssl->keys.padSz : 0);
+
     /* sanity check msg received */
     if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) {
         WOLFSSL_MSG("Sanity Check on handshake message type received failed");
@@ -7811,6 +7814,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         break;
     }
 
+    if (ret == 0 && expectedIdx != *inOutIdx) {
+        WOLFSSL_MSG("Extra data in handshake message");
+        if (!ssl->options.dtls)
+            SendAlert(ssl, alert_fatal, decode_error);
+        ret = DECODE_E;
+    }
+
     /* if async, offset index so this msg will be processed again */
     if (ret == WC_PENDING_E) {
         *inOutIdx -= HANDSHAKE_HEADER_SZ;
@@ -11747,6 +11757,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case DTLS_POOL_SZ_E:
         return "Maximum DTLS pool size exceeded";
 
+    case DECODE_E:
+        return "Decode handshake message error";
+
     default :
         return "unknown error number";
     }
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index fded9efa8..77d964e88 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -151,6 +151,7 @@ enum wolfSSL_ErrorCodes {
     CTX_INIT_MUTEX_E             = -413,   /* initialize ctx mutex error */
     EXT_MASTER_SECRET_NEEDED_E   = -414,   /* need EMS enabled to resume */
     DTLS_POOL_SZ_E               = -415,   /* exceeded DTLS pool size */
+    DECODE_E                     = -416,   /* decode handshake message error */
     /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
 
     /* begin negotiation parameter errors */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 64cfcbb3e..24fee4e10 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -200,6 +200,7 @@ enum AlertDescription {
     certificate_expired             =  45,
     certificate_unknown             =  46,
     illegal_parameter               =  47,
+    decode_error                    =  50,
     decrypt_error                   =  51,
     #ifdef WOLFSSL_MYSQL_COMPATIBLE
     /* catch name conflict for enum protocol with MYSQL build */