diff options
author | lloyd <[email protected]> | 2012-01-05 21:01:34 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-05 21:01:34 +0000 |
commit | 74226be019b1a66f8eae9a6516f2eb28a53fb9e2 (patch) | |
tree | 60cb288f4d6b1a5f284d993b0de2bfedf4476420 | |
parent | 66665fe98ddfe08a1c12fedb43eabe83532349a2 (diff) |
If the maximum fragment extension was negotiated, enforce it. Also
enforce the 2^14 byte plaintext limit in the reader (previously only
the 2^14+2048 byte ciphertext size limit was enforced).
-rw-r--r-- | src/tls/rec_read.cpp | 20 | ||||
-rw-r--r-- | src/tls/rec_wri.cpp | 4 | ||||
-rw-r--r-- | src/tls/tls_record.h | 4 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 6 |
4 files changed, 32 insertions, 2 deletions
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index 080d6a1f8..518540bab 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -9,10 +9,18 @@ #include <botan/lookup.h> #include <botan/loadstor.h> #include <botan/internal/tls_session_key.h> +#include <botan/internal/rounding.h> #include <botan/internal/assert.h> namespace Botan { +Record_Reader::Record_Reader() + { + m_mac = 0; + reset(); + set_maximum_fragment_size(0); + } + /* * Reset the state */ @@ -28,6 +36,15 @@ void Record_Reader::reset() m_iv_size = 0; m_major = m_minor = 0; m_seq_no = 0; + set_maximum_fragment_size(0); + } + +void Record_Reader::set_maximum_fragment_size(size_t max_fragment) + { + if(max_fragment == 0) + m_max_fragment = MAX_PLAINTEXT_SIZE; + else + m_max_fragment = clamp(max_fragment, 128, MAX_PLAINTEXT_SIZE); } /* @@ -252,6 +269,9 @@ size_t Record_Reader::get_record(byte& msg_type, const u16bit plain_length = m_readbuf.size() - (m_mac_size + pad_size + m_iv_size); + if(plain_length > m_max_fragment) + throw TLS_Exception(RECORD_OVERFLOW, "Plaintext record is too large"); + m_mac->update_be(m_seq_no); m_mac->update(header[0]); // msg_type diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index d9f86492d..4ccec58d9 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -20,10 +20,11 @@ namespace Botan { * Record_Writer Constructor */ Record_Writer::Record_Writer(std::tr1::function<void (const byte[], size_t)> out) : - m_output_fn(out), m_max_fragment(MAX_PLAINTEXT_SIZE) + m_output_fn(out) { m_mac = 0; reset(); + set_maximum_fragment_size(0); } void Record_Writer::set_maximum_fragment_size(size_t max_fragment) @@ -39,6 +40,7 @@ void Record_Writer::set_maximum_fragment_size(size_t max_fragment) */ void Record_Writer::reset() { + set_maximum_fragment_size(0); m_cipher.reset(); delete m_mac; diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 052fd43d8..8e89b9f8a 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -104,7 +104,9 @@ class BOTAN_DLL Record_Reader bool currently_empty() const { return m_input_queue.size() == 0; } - Record_Reader() { m_mac = 0; reset(); } + void set_maximum_fragment_size(size_t max_fragment); + + Record_Reader(); ~Record_Reader() { delete m_mac; } private: diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 17f2b51b9..e66936771 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -200,7 +200,10 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, rng); if(session_info.fragment_size()) + { + reader.set_maximum_fragment_size(session_info.fragment_size()); writer.set_maximum_fragment_size(session_info.fragment_size()); + } state->suite = TLS_Cipher_Suite(state->server_hello->ciphersuite()); @@ -250,7 +253,10 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, rng); if(state->client_hello->fragment_size()) + { + reader.set_maximum_fragment_size(state->client_hello->fragment_size()); writer.set_maximum_fragment_size(state->client_hello->fragment_size()); + } state->suite = TLS_Cipher_Suite(state->server_hello->ciphersuite()); |