Merge pull request #668 from ejohnstown/handshake-size

Fail on redundant handshake message data
2016-12-15 11:41:53 -08:00 · 2016-12-15 11:41:53 -08:00 · 9d94474133
commit 9d94474133
parent 6959c21fdd be65f26dd2
3 changed files with 16 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -7649,7 +7649,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          byte type, word32 size, word32 totalSz)
 {
    int ret = 0;
-    (void)totalSz;
+    word32 expectedIdx;

    WOLFSSL_ENTER("DoHandShakeMsgType");

@ -7657,6 +7657,9 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
    if (*inOutIdx + size > totalSz)
        return INCOMPLETE_DATA;

+    expectedIdx = *inOutIdx + size +
+                  (ssl->keys.encryptionOn ? ssl->keys.padSz : 0);
+
    /* sanity check msg received */
    if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) {
        WOLFSSL_MSG("Sanity Check on handshake message type received failed");
@ -7811,6 +7814,13 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        break;
    }

+    if (ret == 0 && expectedIdx != *inOutIdx) {
+        WOLFSSL_MSG("Extra data in handshake message");
+        if (!ssl->options.dtls)
+            SendAlert(ssl, alert_fatal, decode_error);
+        ret = DECODE_E;
+    }
+
    /* if async, offset index so this msg will be processed again */
    if (ret == WC_PENDING_E) {
        *inOutIdx -= HANDSHAKE_HEADER_SZ;
@ -11747,6 +11757,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
    case DTLS_POOL_SZ_E:
        return "Maximum DTLS pool size exceeded";

+    case DECODE_E:
+        return "Decode handshake message error";
+
    default :
        return "unknown error number";
    }
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@ -151,6 +151,7 @@ enum wolfSSL_ErrorCodes {
    CTX_INIT_MUTEX_E             = -413,   /* initialize ctx mutex error */
    EXT_MASTER_SECRET_NEEDED_E   = -414,   /* need EMS enabled to resume */
    DTLS_POOL_SZ_E               = -415,   /* exceeded DTLS pool size */
+    DECODE_E                     = -416,   /* decode handshake message error */
    /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */

    /* begin negotiation parameter errors */
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -200,6 +200,7 @@ enum AlertDescription {
    certificate_expired             =  45,
    certificate_unknown             =  46,
    illegal_parameter               =  47,
+    decode_error                    =  50,
    decrypt_error                   =  51,
    #ifdef WOLFSSL_MYSQL_COMPATIBLE
    /* catch name conflict for enum protocol with MYSQL build */