Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dtls.c: add check for valid handshake message type when version is 1.0. #210

Merged
merged 1 commit into from
May 12, 2024
Merged

dtls.c: add check for valid handshake message type when version is 1.0. #210

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 26 additions & 10 deletions dtls.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,11 +82,12 @@ memarray_t dtlscontext_storage;

#define dtls_set_version(H,V) dtls_int_to_uint16((H)->version, (V))
#define dtls_set_content_type(H,V) ((H)->content_type = (V) & 0xff)
#define dtls_set_length(H,V) ((H)->length = (V))
#define dtls_set_length(H,V) dtls_int_to_uint16(&((H)->length), (V))

#define dtls_get_content_type(H) ((H)->content_type & 0xff)
#define dtls_get_version(H) dtls_uint16_to_int((H)->version)
#define dtls_get_epoch(H) dtls_uint16_to_int((H)->epoch)
#define dtls_get_length(H) dtls_uint16_to_int((H)->length)
#define dtls_get_sequence_number(H) dtls_uint48_to_ulong((H)->sequence_number)
#define dtls_get_fragment_length(H) dtls_uint24_to_int((H)->fragment_length)

Expand Down Expand Up @@ -563,15 +564,30 @@ is_record(uint8 *msg, size_t msglen) {
unsigned int rlen = 0;

if (msglen >= DTLS_RH_LENGTH) { /* FIXME allow empty records? */
uint16_t version = dtls_uint16_to_int(msg + 1);
if ((((version == DTLS_VERSION) || (version == DTLS10_VERSION))
&& known_content_type(msg))) {
rlen = DTLS_RH_LENGTH +
dtls_uint16_to_int(DTLS_RECORD_HEADER(msg)->length);

/* we do not accept wrong length field in record header */
if (rlen > msglen)
rlen = 0;
uint16_t version = dtls_get_version(DTLS_RECORD_HEADER(msg));

if (DTLS_VERSION == version) {
if (!known_content_type(msg)) {
return 0;
}
} else if (DTLS10_VERSION == version) {
if (DTLS_CT_HANDSHAKE != msg[0] || DTLS_RH_LENGTH == msglen) {
return 0;
} else {
uint8_t handshake_type = msg[DTLS_RH_LENGTH];
if (DTLS_HT_CLIENT_HELLO != handshake_type &&
DTLS_HT_HELLO_VERIFY_REQUEST != handshake_type) {
return 0;
}
}
} else {
return 0;
}
rlen = DTLS_RH_LENGTH + dtls_uint16_to_int(DTLS_RECORD_HEADER(msg)->length);

/* we do not accept wrong length field in record header */
if (rlen > msglen) {
rlen = 0;
}
}

Expand Down