emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: check size on "MAC-only, no crypt" code path too

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2017-01-20 21:23:10 +01:00
parent 54b927d78b
commit 0af5265180
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
networking/tls.c
View File

@ -810,14 +810,15 @@ static int tls_xread_record(tls_state_t *tls)
dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
padding_len++;
sz -= SHA256_OUTSIZE + padding_len; /* drop MAC and padding */
if (sz < 0) {
bb_error_msg_and_die("bad padding size:%u", padding_len);
}
//if (sz < 0)
// bb_error_msg_and_die("bad padding size:%u", padding_len);
} else {
/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
/* else: no encryption yet on input, subtract zero = NOP */
sz -= tls->min_encrypted_len_on_read;
}
if (sz < 0)
bb_error_msg_and_die("encrypted data too short");
//dump_hex("<< %s\n", tls->inbuf, RECHDR_LEN + sz);