From ef6938d2bcc6fd87e1008375d15a63bee2eee81c Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Tue, 17 Dec 2019 16:55:58 -0800
Subject: [PATCH] DTLS Handshake Message CAP

Cap the incoming DTLS handshake messages size the same way we do for TLS. If handshake messages claim to be larger than the largest allowed certificate message, we error out.
---
 src/internal.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 161076929..9f44ceab2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -12359,6 +12359,14 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 return PARSE_ERROR;
 }
 
+ /* Cap the maximum size of a handshake message to something reasonable.
+ * By default is the maximum size of a certificate message assuming
+ * nine 2048-bit RSA certificates in the chain. */
+ if (size > MAX_HANDSHAKE_SZ) {
+ WOLFSSL_MSG("Handshake message too large");
+ return HANDSHAKE_SIZE_ERROR;
+ }
+
 /* check that we have complete fragment */
 if (*inOutIdx + fragSz > totalSz) {
 WOLFSSL_ERROR(INCOMPLETE_DATA);
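Review bot: The added check caps only `size`, the total length claimed in the handshake header, and the next check compares `fragSz` with `totalSz`; nothing visible in this hunk ties `fragSz` to `size`, so a fragment whose `fragSz` exceeds a small claimed `size` passes both. DoDtlsHandShakeMsg continues outside the hunk, so this relation may already be enforced further down; if it is not, a guard of the form `if (fragSz > size) return HANDSHAKE_SIZE_ERROR;` belongs next to the new cap, before any fragment is buffered. Separately, the rejection is reported with `WOLFSSL_MSG` while the neighbouring check uses `WOLFSSL_ERROR(INCOMPLETE_DATA)`; adding `WOLFSSL_ERROR(HANDSHAKE_SIZE_ERROR);` before the return would put the error code in the debug log, which helps when triaging oversized-message traffic from unauthenticated peers.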