mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 07:20:52 +00:00
Cleanly reject non-HS in-between HS fragments
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
723fec4eca
commit
e26a060194
@ -4889,6 +4889,18 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
/* If we're in the middle of a fragmented TLS handshake message,
|
||||
* we don't accept any other message type. For TLS 1.3, the spec forbids
|
||||
* interleaving other message types between handshake fragments. For TLS
|
||||
* 1.2, the spec does not forbid it but we do. */
|
||||
if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM &&
|
||||
ssl->in_hsfraglen != 0 &&
|
||||
ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("non-handshake message in the middle"
|
||||
" of a fragmented handshake message"));
|
||||
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Handle particular types of records
|
||||
*/
|
||||
|
Loading…
x
Reference in New Issue
Block a user