author | Jack Lloyd <[email protected]> | 2017-11-26 22:06:16 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-11-26 22:06:16 -0500 |
commit | a4bb3ceba2063b1f704c8e72aee78288f5a7e74f (patch) | |
tree | 42b01e3bd8231d3feaebe1e54d3c197cd5e45cd3 /src/lib/tls | |
parent | d2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 (diff) |
Throw a Decoding_Error if TLS AEAD packet is shorter than the tag.
Otherwise this ended up as an assertion failure which translated
to internal_error alert.
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/tls_record.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 4986a7103..996abbfc4 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -302,6 +302,9 @@ void decrypt_record(secure_vector<uint8_t>& output,
 const uint8_t* msg = &record_contents[cs.nonce_bytes_from_record()];
 const size_t msg_length = record_len - cs.nonce_bytes_from_record();
+ if(msg_length < aead->minimum_final_size())
+ throw Decoding_Error("AEAD packet is shorter than the tag");
+
 const size_t ptext_size = aead->output_length(msg_length);
 aead->set_associated_data_vec( |
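Review bot: The new guard tests `msg_length`, which is computed one line earlier as the unsigned difference `record_len - cs.nonce_bytes_from_record()`, so a record shorter than the explicit nonce would wrap to a very large value and pass the check. Whether `record_len` is already bounded before this point is not visible, because `decrypt_record` starts and ends outside the hunk; if it is not, I would add `if(record_len < cs.nonce_bytes_from_record()) throw Decoding_Error("AEAD packet is shorter than the nonce");` ahead of the `msg` pointer computation. A short comment on the new check would also help, for example `// Rejection depends only on the public record length, so it reveals nothing secret`, since a truncated record now presumably fails with a different error than a tag mismatch does.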