diff options
author | Daiki Ueno <dueno@redhat.com> | 2018-11-22 14:59:11 +0100 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2018-12-06 11:14:38 +0100 |
commit | e44026f5c83f7be77628a1918234b32d9821823f (patch) | |
tree | 6d9dec2aba00a17a4ce1fd2fdd8ca65a003ab2f2 /lib/record.c | |
parent | 493723ee38cd817a60f25bb0bea505c80b22407c (diff) | |
download | gnutls-e44026f5c83f7be77628a1918234b32d9821823f.tar.gz |
record: make CCS handling stricter in TLS 1.3
In TLS 1.3, the change_cipher_spec messages received under the
following conditions should be treated as unexpected record type:
containing value other than 0x01, or received after the handshake.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/record.c')
-rw-r--r-- | lib/record.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/record.c b/lib/record.c index 19f5b52282..73c484ed56 100644 --- a/lib/record.c +++ b/lib/record.c @@ -1331,8 +1331,15 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, if (bufel == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - if (vers && vers->tls13_sem && record.type == GNUTLS_CHANGE_CIPHER_SPEC && - record.length == 1 && session->internals.handshake_in_progress) { + if (vers && vers->tls13_sem && record.type == GNUTLS_CHANGE_CIPHER_SPEC) { + /* if the CCS has value other than 0x01, or arrives + * after Finished, abort the connection */ + if (record.length != 1 || + *((uint8_t *) _mbuffer_get_udata_ptr(bufel) + + record.header_size) != 0x01 || + !session->internals.handshake_in_progress) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + _gnutls_read_log("discarding change cipher spec in TLS1.3\n"); /* we use the same mechanism to retry as when * receiving multiple empty TLS packets */ |