aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-05 21:01:34 +0000
committerlloyd <[email protected]>2012-01-05 21:01:34 +0000
commit74226be019b1a66f8eae9a6516f2eb28a53fb9e2 (patch)
tree60cb288f4d6b1a5f284d993b0de2bfedf4476420
parent66665fe98ddfe08a1c12fedb43eabe83532349a2 (diff)
If the maximum fragment extension was negotiated, enforce it. Also
enforce the 2^14 byte plaintext limit in the reader (previously only the 2^14+2048 byte ciphertext size limit was enforced).
-rw-r--r--src/tls/rec_read.cpp20
-rw-r--r--src/tls/rec_wri.cpp4
-rw-r--r--src/tls/tls_record.h4
-rw-r--r--src/tls/tls_server.cpp6
4 files changed, 32 insertions, 2 deletions
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp
index 080d6a1f8..518540bab 100644
--- a/src/tls/rec_read.cpp
+++ b/src/tls/rec_read.cpp
@@ -9,10 +9,18 @@
#include <botan/lookup.h>
#include <botan/loadstor.h>
#include <botan/internal/tls_session_key.h>
+#include <botan/internal/rounding.h>
#include <botan/internal/assert.h>
namespace Botan {
+Record_Reader::Record_Reader()
+ {
+ m_mac = 0;
+ reset();
+ set_maximum_fragment_size(0);
+ }
+
/*
* Reset the state
*/
@@ -28,6 +36,15 @@ void Record_Reader::reset()
m_iv_size = 0;
m_major = m_minor = 0;
m_seq_no = 0;
+ set_maximum_fragment_size(0);
+ }
+
+void Record_Reader::set_maximum_fragment_size(size_t max_fragment)
+ {
+ if(max_fragment == 0)
+ m_max_fragment = MAX_PLAINTEXT_SIZE;
+ else
+ m_max_fragment = clamp(max_fragment, 128, MAX_PLAINTEXT_SIZE);
}
/*
@@ -252,6 +269,9 @@ size_t Record_Reader::get_record(byte& msg_type,
const u16bit plain_length = m_readbuf.size() - (m_mac_size + pad_size + m_iv_size);
+ if(plain_length > m_max_fragment)
+ throw TLS_Exception(RECORD_OVERFLOW, "Plaintext record is too large");
+
m_mac->update_be(m_seq_no);
m_mac->update(header[0]); // msg_type
diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp
index d9f86492d..4ccec58d9 100644
--- a/src/tls/rec_wri.cpp
+++ b/src/tls/rec_wri.cpp
@@ -20,10 +20,11 @@ namespace Botan {
* Record_Writer Constructor
*/
Record_Writer::Record_Writer(std::tr1::function<void (const byte[], size_t)> out) :
- m_output_fn(out), m_max_fragment(MAX_PLAINTEXT_SIZE)
+ m_output_fn(out)
{
m_mac = 0;
reset();
+ set_maximum_fragment_size(0);
}
void Record_Writer::set_maximum_fragment_size(size_t max_fragment)
@@ -39,6 +40,7 @@ void Record_Writer::set_maximum_fragment_size(size_t max_fragment)
*/
void Record_Writer::reset()
{
+ set_maximum_fragment_size(0);
m_cipher.reset();
delete m_mac;
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h
index 052fd43d8..8e89b9f8a 100644
--- a/src/tls/tls_record.h
+++ b/src/tls/tls_record.h
@@ -104,7 +104,9 @@ class BOTAN_DLL Record_Reader
bool currently_empty() const { return m_input_queue.size() == 0; }
- Record_Reader() { m_mac = 0; reset(); }
+ void set_maximum_fragment_size(size_t max_fragment);
+
+ Record_Reader();
~Record_Reader() { delete m_mac; }
private:
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 17f2b51b9..e66936771 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -200,7 +200,10 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
rng);
if(session_info.fragment_size())
+ {
+ reader.set_maximum_fragment_size(session_info.fragment_size());
writer.set_maximum_fragment_size(session_info.fragment_size());
+ }
state->suite = TLS_Cipher_Suite(state->server_hello->ciphersuite());
@@ -250,7 +253,10 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
rng);
if(state->client_hello->fragment_size())
+ {
+ reader.set_maximum_fragment_size(state->client_hello->fragment_size());
writer.set_maximum_fragment_size(state->client_hello->fragment_size());
+ }
state->suite = TLS_Cipher_Suite(state->server_hello->ciphersuite());