commit e538d8287e31e70e20002c3a3256a0994b236f18
author Hanno Becker <hanno.becker@arm.com> Wed Jul 10 14:50:10 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Wed Aug 14 14:41:37 2019 +0100
tree 3afe8b9746f15d43b9649022274e7c4ba8af8d5a
parent 2fddd3765ea998bb9f40b52dc1baaf843b9889bf

Move size-check for DTLS record header with CID to DTLS-only branch

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 204fa43..14a5a49 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4924,6 +4924,18 @@
          * fixed in the configuration. */
         ssl->in_len = ssl->in_cid + ssl->conf->cid_len;
         ssl->in_iv  = ssl->in_msg = ssl->in_len + 2;
+
+        /* Now that the total length of the record header is known, ensure
+         * that the current datagram is large enough to hold it.
+         * This would fail, for example, if we received a datagram of
+         * size 13 + n Bytes where n is less than the size of incoming CIDs.
+         */
+        ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+            return( ret );
+        }
     }
     else
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -4955,16 +4967,6 @@
         return( MBEDTLS_ERR_SSL_INVALID_RECORD );
     }
 
-    /* Now that the total length of the record header is known, ensure
-     * that the current datagram is large enough to hold it.
-     * This would fail, for example, if we received a datagram of
-     * size 13 + n Bytes where n is less than the size of incoming CIDs. */
-    ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-        return( ret );
-    }
     MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_in_hdr_len( ssl ) );
 
     /* Parse and validate record length