aboutsummaryrefslogtreecommitdiffstats
path: root/src/libtls
diff options
context:
space:
mode:
authorMartin Willi <martin@revosec.ch>2014-03-21 09:29:44 +0100
committerMartin Willi <martin@revosec.ch>2014-03-31 15:56:12 +0200
commitf93497507fbdfb3dfdfc2ca830a9ced73d86dab1 (patch)
tree6a7269db9b2d17f3cddd2f5e8d1145de2fd39308 /src/libtls
parentb886dad49865c08c99e97652fe18666289f695d0 (diff)
downloadstrongswan-f93497507fbdfb3dfdfc2ca830a9ced73d86dab1.tar.bz2
strongswan-f93497507fbdfb3dfdfc2ca830a9ced73d86dab1.tar.xz
tls: Check for minimal TLS record length before each record iteration
Fixes fragment reassembling if a buffer contains more than one record, but the last record contains a partial TLS record header. Thanks to Nick Saunders and Jamil Nimeh for identifying this issue and providing a fix for it.
Diffstat (limited to 'src/libtls')
-rw-r--r--src/libtls/tls.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 6b51e7593..7314602b6 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -218,14 +218,7 @@ METHOD(tls_t, process, status_t,
{
if (this->input.len == 0)
{
- if (buflen < sizeof(tls_record_t))
- {
- DBG2(DBG_TLS, "received incomplete TLS record header");
- memcpy(&this->head, buf, buflen);
- this->headpos = buflen;
- break;
- }
- while (TRUE)
+ while (buflen >= sizeof(tls_record_t))
{
/* try to process records inline */
record = buf;
@@ -252,6 +245,13 @@ METHOD(tls_t, process, status_t,
return NEED_MORE;
}
}
+ if (buflen < sizeof(tls_record_t))
+ {
+ DBG2(DBG_TLS, "received incomplete TLS record header");
+ memcpy(&this->head, buf, buflen);
+ this->headpos = buflen;
+ break;
+ }
}
len = min(buflen, this->input.len - this->inpos);
memcpy(this->input.ptr + this->inpos, buf, len);