Add run-time check for record content size in ssl_encrypt_buf
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b388156..970a043 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1268,6 +1268,13 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
ssl->out_msg, ssl->out_msglen );
+ if( ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content too large, maximum %d",
+ MBEDTLS_SSL_MAX_CONTENT_LEN ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+
/*
* Add MAC before if needed
*/
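Review bot: The new length check runs after `MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", ssl->out_msg, ssl->out_msglen )`, so at debug level 4 an oversized `out_msglen` is still used to dump `out_msg` before the record is rejected. If `out_msg` is sized from `MBEDTLS_SSL_MAX_CONTENT_LEN` (not visible in this hunk), that dump would read past the buffer and could put adjacent memory into the debug log; moving the `if( ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )` block above the dump avoids this. The error message would also be more useful for triage if it reported the offending length, e.g. `( "Record content %u too large, maximum %d", (unsigned) ssl->out_msglen, MBEDTLS_SSL_MAX_CONTENT_LEN )`. The enclosing function starts and ends outside the hunk, so it is worth confirming that no earlier statement already indexes `out_msg` by `out_msglen`.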