Check if TLS handshake received Finished before processing application data

author: Martin Willi <martin@revosec.ch> 2012-08-09 12:10:41 +0200
committer: Martin Willi <martin@revosec.ch> 2012-08-09 12:10:41 +0200
commit: 02cabd0f26d2fc17a3967fab2afe52fb92080457 (patch)
tree: b1d249d95c342719d75b53be3a76317d3acfc674 /src/libtls/tls_fragmentation.c
parent: 4e98ca18003964f2511d2ba8258c40f9282535c1 (diff)
download: strongswan-02cabd0f26d2fc17a3967fab2afe52fb92080457.tar.bz2
strongswan-02cabd0f26d2fc17a3967fab2afe52fb92080457.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c
index eb9976884..f2fa77cfd 100644
--- a/src/libtls/tls_fragmentation.c
+++ b/src/libtls/tls_fragmentation.c
@@ -197,6 +197,12 @@ static status_t process_handshake(private_tls_fragmentation_t *this,
 static status_t process_application(private_tls_fragmentation_t *this,
 									bio_reader_t *reader)
 {
+	if (!this->handshake->finished(this->handshake))
+	{
+		DBG1(DBG_TLS, "received TLS application data, "
+			 "but handshake not finished");
+		return FAILED;
+	}
 	while (reader->remaining(reader))
 	{
 		status_t status;
author	Martin Willi <martin@revosec.ch>	2012-08-09 12:10:41 +0200
committer	Martin Willi <martin@revosec.ch>	2012-08-09 12:10:41 +0200
commit	02cabd0f26d2fc17a3967fab2afe52fb92080457 (patch)
tree	b1d249d95c342719d75b53be3a76317d3acfc674 /src/libtls/tls_fragmentation.c
parent	4e98ca18003964f2511d2ba8258c40f9282535c1 (diff)
download	strongswan-02cabd0f26d2fc17a3967fab2afe52fb92080457.tar.bz2 strongswan-02cabd0f26d2fc17a3967fab2afe52fb92080457.tar.xz