mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix early data max size handling. Fixes issue with size checking around wolfSSL_CTX_set_max_early_data and wolfSSL_set_max_early_data, which was checking against the padded size. Also was adding to the earlyDataSz and checking against it with un-padded data size. ZD 12632.

Browse Source
This commit is contained in:
David Garske 2021-08-10 16:32:41 -07:00
parent fdb6c8141e
commit 0c74e18eaf
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/internal.c
View File

@ -15838,20 +15838,15 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
int process = 0; int process = 0;
if (ssl->options.side == WOLFSSL_SERVER_END) { if (ssl->options.side == WOLFSSL_SERVER_END) {
ssl->earlyDataSz += ssl->curSize;
if ((ssl->earlyData != no_early_data) && if ((ssl->earlyData != no_early_data) &&
(ssl->options.clientState == CLIENT_HELLO_COMPLETE)) { (ssl->options.clientState == CLIENT_HELLO_COMPLETE)) {
process = 1; process = 1;
} }
if (!process && (ssl->earlyDataSz <= ssl->options.maxEarlyDataSz)) { if (!process) {
WOLFSSL_MSG("Ignoring EarlyData!"); WOLFSSL_MSG("Ignoring EarlyData!");
*inOutIdx = ssl->buffers.inputBuffer.length; *inOutIdx = ssl->buffers.inputBuffer.length;
return 0; return 0;
} }
if (ssl->earlyDataSz > ssl->options.maxEarlyDataSz) {
WOLFSSL_MSG("Too much EarlyData!");
process = 0;
}
} }
if (!process) { if (!process) {
WOLFSSL_MSG("Received App data before a handshake completed"); WOLFSSL_MSG("Received App data before a handshake completed");