libsec: improve fix #4: check valid length in TLS (msgRecv)

This commit should complete the work done at 90fe80e73b

Should also fix CID 155874.

sys/src/lib/sec/port/tlshand.c

@@ -1808,10 +1808,19 @@ msgRecv(TlsConnection *c, Msg *m)
 		break;
 	case HFinished:
 		m->u.finished.n = c->finished.n;
-		if(n < m->u.finished.n)
+		switch(m->u.finished.n){
-			goto Short;
+		case TLSFinishedLen:
-		memmove(m->u.finished.verify, p, m->u.finished.n);
+		case SSL3FinishedLen:
-		n -= m->u.finished.n;
+			if(n < m->u.finished.n)
+				goto Short;
+			memmove(m->u.finished.verify, p, m->u.finished.n);
+			n -= m->u.finished.n;
+			break;
+		case BeforeSetVersion:
+		default:
+			tlsError(c, EDecodeError, "unexpected HFinished length");
+			goto Err;
+		}
 		break;
 	}