emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: check size on "MAC-only, no crypt" code path too

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko
2017-01-20 21:23:10 +01:00
parent 54b927d78b
commit 0af5265180
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
networking/tls.c
View File

@@ -810,14 +810,15 @@ static int tls_xread_record(tls_state_t *tls)
dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len); dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
padding_len++; padding_len++;
sz -= SHA256_OUTSIZE + padding_len; /* drop MAC and padding */ sz -= SHA256_OUTSIZE + padding_len; /* drop MAC and padding */
if (sz < 0) { //if (sz < 0)
bb_error_msg_and_die("bad padding size:%u", padding_len); // bb_error_msg_and_die("bad padding size:%u", padding_len);
}
} else { } else {
/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */ /* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
/* else: no encryption yet on input, subtract zero = NOP */ /* else: no encryption yet on input, subtract zero = NOP */
sz -= tls->min_encrypted_len_on_read; sz -= tls->min_encrypted_len_on_read;
} }
if (sz < 0)
bb_error_msg_and_die("encrypted data too short");
//dump_hex("<< %s\n", tls->inbuf, RECHDR_LEN + sz); //dump_hex("<< %s\n", tls->inbuf, RECHDR_LEN + sz);