author | EKR <ekr@rtfm.com> | 2016-02-10 14:40:42 +0100 |
---|---|---|
committer | EKR <ekr@rtfm.com> | 2016-02-10 14:40:42 +0100 |
commit | 8650cba4348945bab68f8f64d48f98cfdf5eec4f (patch) | |
tree | 036919c7d7371e53971d7482c1eab5909009eb16 | |
parent | 80a97f2d4d8819cabbaba7a3ce16952531c5a5af (diff) | |
download | nss-hg-8650cba4348945bab68f8f64d48f98cfdf5eec4f.tar.gz |
Bug 1248256 - Verify dummy external content type for TLS 1.3. r=mt
-rw-r--r-- | lib/ssl/tls13con.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
index 508af03cf..61aaa238b 100644
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -2010,6 +2010,13 @@ tls13_UnprotectRecord(sslSocket* ss, SSL3Ciphertext *cText, sslBuffer *plaintext
 return SECFailure;
 }
 
+ /* Verify that the content type is right, even though we overwrite it. */
+ if (cText->type != content_application_data) {
+ /* Do we need a better error here? */
+ PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+ return SECFailure;
+ }
+
 /* Check the version number in the record */
 if (cText->version != kRecordVersion) {
 /* Do we need a better error here? */ |
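Review bot: The new content-type check reports `SSL_ERROR_BAD_MAC_READ`, so a record rejected for a wrong outer type cannot be told apart in logs from one that failed record authentication, and the copied `/* Do we need a better error here? */` leaves that question open in the code. The check reads only `cText->type` from the record header, so a distinct error for it would not appear to reveal anything about decryption; how the caller turns this error into an alert lies outside the hunk and should be confirmed. If the shared error is intentional, replace the question with a comment that records the decision, for example `/* Reported as a MAC failure on purpose; the outer type is a fixed dummy in TLS 1.3. */`. The first comment could also say where the type is overwritten, since "even though we overwrite it" refers to code not visible here. tls13_UnprotectRecord starts and ends outside the hunk.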