From aa2565423255ad37c1a19fd8a57b3bcdb4ecd735 Mon Sep 17 00:00:00 2001
From: Giacomo Tesio <giacomo@tesio.it>
Date: Sat, 21 Jan 2017 01:06:28 +0100
Subject: [PATCH] libsec: improve fix #4: check valid length in TLS (msgRecv)

This commit should complete the work done at 90fe80e73b4060cc52f75e9db6e7f2aeba7b0657

Should also fix CID 155874.
---
 sys/src/lib/sec/port/tlshand.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/sys/src/lib/sec/port/tlshand.c b/sys/src/lib/sec/port/tlshand.c
index da2f911..5f782eb 100644
--- a/sys/src/lib/sec/port/tlshand.c
+++ b/sys/src/lib/sec/port/tlshand.c
@@ -1808,10 +1808,19 @@ msgRecv(TlsConnection *c, Msg *m)
 		break;
 	case HFinished:
 		m->u.finished.n = c->finished.n;
-		if(n < m->u.finished.n)
-			goto Short;
-		memmove(m->u.finished.verify, p, m->u.finished.n);
-		n -= m->u.finished.n;
+		switch(m->u.finished.n){
+		case TLSFinishedLen:
+		case SSL3FinishedLen:
+			if(n < m->u.finished.n)
+				goto Short;
+			memmove(m->u.finished.verify, p, m->u.finished.n);
+			n -= m->u.finished.n;
+			break;
+		case BeforeSetVersion:
+		default:
+			tlsError(c, EDecodeError, "unexpected HFinished length");
+			goto Err;
+		}
 		break;
 	}