libsec: improve fix #4: check valid length in TLS (msgRecv)

This commit should complete the work done at 90fe80e73b Should also fix CID 155874.
2017-01-21 01:06:28 +01:00 · 2017-01-21 01:06:28 +01:00 · aa25654232
parent f6e1c78244
commit aa25654232
1 changed files with 13 additions and 4 deletions
--- a/sys/src/lib/sec/port/tlshand.c
+++ b/sys/src/lib/sec/port/tlshand.c
@ -1808,10 +1808,19 @@ msgRecv(TlsConnection *c, Msg *m)
 		break;
 	case HFinished:
 		m->u.finished.n = c->finished.n;
-		if(n < m->u.finished.n)
-			goto Short;
-		memmove(m->u.finished.verify, p, m->u.finished.n);
-		n -= m->u.finished.n;
+		switch(m->u.finished.n){
+		case TLSFinishedLen:
+		case SSL3FinishedLen:
+			if(n < m->u.finished.n)
+				goto Short;
+			memmove(m->u.finished.verify, p, m->u.finished.n);
+			n -= m->u.finished.n;
+			break;
+		case BeforeSetVersion:
+		default:
+			tlsError(c, EDecodeError, "unexpected HFinished length");
+			goto Err;
+		}
 		break;
 	}