From caf041181aa300631acfe897a3e3e222c9632e53 Mon Sep 17 00:00:00 2001
From: Dennis Jackson
Date: Fri, 5 May 2023 09:16:15 +0000
Subject: Bug 1786018 - Add explicit handling of zero length records. r=mt

This is based on the patch developed by Leander in D157183, but is a little more explicit.
Co-Authored-By: Leander Schwarz
Differential Revision: https://phabricator.services.mozilla.com/D176157
---
 lib/ssl/ssl3con.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'lib')
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index ef883b725..84246954a 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -13429,7 +13429,7 @@ ssl3_GetCipherSpec(sslSocket *ss, SSL3Ciphertext *cText)
 SECStatus
 ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
 {
- SECStatus rv;
+ SECStatus rv = SECFailure;
 PRBool isTLS, isTLS13;
 DTLSEpoch epoch;
 ssl3CipherSpec *spec = NULL;
@@ -13555,8 +13555,13 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
 * Additionaly, this is used to silently drop DTLS encryption/record
 * errors/alerts using the error handling below as suggested in the
 * DTLS specification [RFC6347, Section 4.1.2.7]. */
- if (spec->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
- spec->epoch == 0) {
+ if (spec->cipherDef->cipher == cipher_null && cText->buf->len == 0) {
+ /* Handle a zero-length unprotected record
+ * In this case, we treat it as a no-op and let later functions decide
+ * whether to ignore or alert accordingly. */
+ PR_ASSERT(plaintext->len == 0);
+ rv = SECSuccess;
+ } else if (spec->version < SSL_LIBRARY_VERSION_TLS_1_3 || spec->epoch == 0) {
 rv = ssl3_UnprotectRecord(ss, spec, cText, plaintext, &alert);
 } else {
 rv = tls13_UnprotectRecord(ss, spec, cText, plaintext, &rType,
-- cgit v1.2.1
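Review bot: `PR_ASSERT(plaintext->len == 0);` in the new zero-length branch of the second hunk is a debug-only check, so in an optimized build nothing in this hunk guarantees the plaintext buffer is empty before `rv = SECSuccess;` lets the record continue. If `plaintext->len` could still carry a length from a previously processed record (any reset is not visible here), stale bytes would be handled as this record's content. Setting it explicitly, `plaintext->len = 0;` next to the assertion, would make the no-op hold in every build. The body of ssl3_HandleRecord starts and ends outside the hunk, so an existing reset earlier in the function should be confirmed there.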