Reorder checks in ssl_read_record
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index af5e390..11aba99 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2219,14 +2219,32 @@
 
     ssl->in_msgtype =  ssl->in_hdr[0];
     ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
+    ssl_read_version( &major_ver, &minor_ver, ssl->transport, ssl->in_hdr + 1 );
 
     SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
                         "version = [%d:%d], msglen = %d",
-                     ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2],
-                   ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) );
+                        ssl->in_msgtype,
+                        major_ver, minor_ver, ssl->in_msglen ) );
 
-    ssl_read_version( &major_ver, &minor_ver, ssl->transport, ssl->in_hdr + 1 );
+    /* Check record type */
+    if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
+        ssl->in_msgtype != SSL_MSG_ALERT &&
+        ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
+        ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+    {
+        SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
 
+        if( ( ret = ssl_send_alert_message( ssl,
+                        SSL_ALERT_LEVEL_FATAL,
+                        SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
+        {
+            return( ret );
+        }
+
+        return( POLARSSL_ERR_SSL_INVALID_RECORD );
+    }
+
+    /* Check version */
     if( major_ver != ssl->major_ver )
     {
         SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
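Review bot: The relocated record-type check (`if( ssl->in_msgtype != SSL_MSG_HANDSHAKE && ...`) now runs on the raw header before the record has been authenticated, yet it still answers with a fatal `SSL_ALERT_MSG_UNEXPECTED_MESSAGE`. On a stream transport this is harmless, but the function passes `ssl->transport` to `ssl_read_version`, so a datagram transport appears to be supported. There, a single forged or corrupted datagram would make the endpoint emit a fatal alert for a packet it never authenticated, and RFC 6347 section 4.1.2.7 recommends silently discarding invalid records. Consider sending the alert only on the stream transport and otherwise returning `POLARSSL_ERR_SSL_INVALID_RECORD` directly, with a comment such as `/* Header is not authenticated yet: do not alert on datagram transports */`. The function body continues outside the hunk, so how callers treat this return code is not visible here.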
@@ -2239,21 +2257,19 @@
         return( POLARSSL_ERR_SSL_INVALID_RECORD );
     }
 
-    /* Sanity check (outer boundaries) */
-    if( ssl->in_msglen < 1 ||
-        ssl->in_msglen > SSL_BUFFER_LEN - (size_t)( ssl->in_msg - ssl->in_buf ) )
+    /* Check length against the size of our buffer */
+    if( ssl->in_msglen > SSL_BUFFER_LEN
+                         - (size_t)( ssl->in_msg - ssl->in_buf ) )
     {
         SSL_DEBUG_MSG( 1, ( "bad message length" ) );
         return( POLARSSL_ERR_SSL_INVALID_RECORD );
     }
 
-    /*
-     * Make sure the message length is acceptable for the current transform
-     * and protocol version.
-     */
+    /* Check length against bounds of the current transform and version */
     if( ssl->transform_in == NULL )
     {
-        if( ssl->in_msglen > SSL_MAX_CONTENT_LEN )
+        if( ssl->in_msglen < 1 ||
+            ssl->in_msglen > SSL_MAX_CONTENT_LEN )
         {
             SSL_DEBUG_MSG( 1, ( "bad message length" ) );
             return( POLARSSL_ERR_SSL_INVALID_RECORD );
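Review bot: The `ssl->in_msglen < 1` lower bound is now enforced only in the `ssl->transform_in == NULL` branch, so with an active transform the rejection of too-short records depends entirely on the else branch, which lies outside this hunk. Please confirm that branch compares `in_msglen` with the transform's minimum length before any MAC, IV or padding size is subtracted from it. An unsigned underflow there would get past the buffer-size check above. If the intent is to allow empty records once a transform is active, a short comment would record that, e.g. `/* Without a transform the record is plaintext and must not be empty */`.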
@@ -2275,7 +2291,6 @@
             return( POLARSSL_ERR_SSL_INVALID_RECORD );
         }
 #endif
-
 #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
     defined(POLARSSL_SSL_PROTO_TLS1_2)
         /*
@@ -2370,23 +2385,6 @@
     }
 #endif /* POLARSSL_ZLIB_SUPPORT */
 
-    if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
-        ssl->in_msgtype != SSL_MSG_ALERT &&
-        ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
-        ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
-    {
-        SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
-
-        if( ( ret = ssl_send_alert_message( ssl,
-                        SSL_ALERT_LEVEL_FATAL,
-                        SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
-        {
-            return( ret );
-        }
-
-        return( POLARSSL_ERR_SSL_INVALID_RECORD );
-    }
-
     if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
     {
         if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 )