Bug 1786018 - Add explicit handling of zero length records. r=mt

This is based on the patch developed by Leander in D157183, but is a
little more explicit.

Co-Authored-By: Leander Schwarz

Differential Revision: https://phabricator.services.mozilla.com/D176157

1 files changed, 8 insertions, 3 deletions

diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index ef883b725..84246954a 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -13429,7 +13429,7 @@ ssl3_GetCipherSpec(sslSocket *ss, SSL3Ciphertext *cText)
 SECStatus
 ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
 {
-    SECStatus rv;
+    SECStatus rv = SECFailure;
     PRBool isTLS, isTLS13;
     DTLSEpoch epoch;
     ssl3CipherSpec *spec = NULL;
@@ -13555,8 +13555,13 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
          * Additionaly, this is used to silently drop DTLS encryption/record
          * errors/alerts using the error handling below as suggested in the
          * DTLS specification [RFC6347, Section 4.1.2.7]. */
-        if (spec->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
-            spec->epoch == 0) {
+        if (spec->cipherDef->cipher == cipher_null && cText->buf->len == 0) {
+            /* Handle a zero-length unprotected record
+             * In this case, we treat it as a no-op and let later functions decide
+             * whether to ignore or alert accordingly. */
+            PR_ASSERT(plaintext->len == 0);
+            rv = SECSuccess;
+        } else if (spec->version < SSL_LIBRARY_VERSION_TLS_1_3 || spec->epoch == 0) {
             rv = ssl3_UnprotectRecord(ss, spec, cText, plaintext, &alert);
         } else {
             rv = tls13_UnprotectRecord(ss, spec, cText, plaintext, &rType,