commit de7d6d33e5804644adac9ffcb8baefdca6d73a31
author Hanno Becker <hanno.becker@arm.com> Wed Jul 10 14:50:10 2019 +0100
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Aug 01 09:50:27 2019 +0200
tree 4bb1051b8b4abed6c533d4c6333a705ad10bd307
parent 87b5626d736c1780be73d379dc4e72ac456af533

Move size-check for DTLS record header with CID to DTLS-only branch

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 26dadb8..8014268 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4755,6 +4755,18 @@
          * fixed in the configuration. */
         ssl->in_len = ssl->in_cid + mbedtls_ssl_conf_get_cid_len( ssl->conf );
         ssl->in_iv  = ssl->in_msg = ssl->in_len + 2;
+
+        /* Now that the total length of the record header is known, ensure
+         * that the current datagram is large enough to hold it.
+         * This would fail, for example, if we received a datagram of
+         * size 13 + n Bytes where n is less than the size of incoming CIDs.
+         */
+        ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+            return( ret );
+        }
     }
     else
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -4788,16 +4800,6 @@
         return( MBEDTLS_ERR_SSL_INVALID_RECORD );
     }
 
-    /* Now that the total length of the record header is known, ensure
-     * that the current datagram is large enough to hold it.
-     * This would fail, for example, if we received a datagram of
-     * size 13 + n Bytes where n is less than the size of incoming CIDs. */
-    ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-        return( ret );
-    }
     MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) );
 
     /* Parse and validate record length