mirror of https://github.com/wolfSSL/wolfssl
Don't allow sniffer to decrypt records if the key hasn't been set up. (Possible with misbehaving client.)
parent
7e6b3a86d5
commit
100f0e8a96
|
@ -103,6 +103,7 @@
|
|||
#define ACK_MISSED_STR 69
|
||||
#define BAD_DECRYPT 70
|
||||
|
||||
#define DECRYPT_KEYS_NOT_SETUP 71
|
||||
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
|
||||
|
||||
|
||||
|
|
|
@ -84,5 +84,7 @@ STRINGTABLE
|
|||
68, "Bad DeriveKeys Error"
|
||||
69, "Saw ACK for Missing Packet Error"
|
||||
70, "Bad Decrypt Operation"
|
||||
|
||||
71, "Decrypt Keys Not Set Up"
|
||||
}
|
||||
|
||||
|
|
|
@ -225,7 +225,10 @@ static const char* const msgTable[] =
|
|||
"Bad Compression Type",
|
||||
"Bad DeriveKeys Error",
|
||||
"Saw ACK for Missing Packet Error",
|
||||
"Bad Decrypt Operation"
|
||||
"Bad Decrypt Operation",
|
||||
|
||||
/* 71 */
|
||||
"Decrypt Keys Not Set Up"
|
||||
};
|
||||
|
||||
|
||||
|
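Review bot: Nothing in this hunk ties the length of `msgTable` to the highest error number, so the table, the header defines and the .rc string table stay in step only through the manual "also add to msgTable" reminder in the header. If the lookup indexes the array by error code (the lookup function is outside the hunk, so this is inferred), a code that is added without its string would read past the end of the array when that error is reported. A compile-time size check placed after the table would catch the mismatch at build time, for example `typedef char msgTableSizeCheck[(sizeof(msgTable) / sizeof(msgTable[0]) == DECRYPT_KEYS_NOT_SETUP) ? 1 : -1];`, adjusted to however the lookup maps a code to an index.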
@ -2378,6 +2381,10 @@ doMessage:
|
|||
session->flags.serverCipherOn)
|
||||
|| (session->flags.side == CYASSL_CLIENT_END &&
|
||||
session->flags.clientCipherOn)) {
|
||||
if (ssl->decrypt.setup != 1) {
|
||||
SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE);
|
||||
return -1;
|
||||
}
|
||||
if (CheckAvailableSize(ssl, rhSize) < 0) {
|
||||
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
|
||||
return -1;
|
||||
|
|
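Review bot: The added `if (ssl->decrypt.setup != 1)` guard carries no comment explaining how the cipher-on flag can be set while the keys are not, and it protects only this one branch under `doMessage:`. A short comment above it would record the invariant, e.g. `/* cipher flag can be on before keys are derived (misbehaving client); never decrypt with keys that were not set up */`. The function continues outside the hunk, so any other path there that reaches the decrypt call without passing through this condition should get the same check. Because the session is moved to FATAL_ERROR_STATE, error 71 is also a useful signal for whoever operates the sniffer that a peer sent protected records before key setup.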