authorJack Lloyd <[email protected]>2017-11-26 22:06:16 -0500
committerJack Lloyd <[email protected]>2017-11-26 22:06:16 -0500
commita4bb3ceba2063b1f704c8e72aee78288f5a7e74f (patch)
tree42b01e3bd8231d3feaebe1e54d3c197cd5e45cd3 /src/lib/tls
parentd2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 (diff)
Throw a Decoding_Error if TLS AEAD packet is shorter than the tag.
Otherwise this ended up as an assertion failure which translated to internal_error alert.
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/tls_record.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 4986a7103..996abbfc4 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -302,6 +302,9 @@ void decrypt_record(secure_vector<uint8_t>& output,
const uint8_t* msg = &record_contents[cs.nonce_bytes_from_record()];
const size_t msg_length = record_len - cs.nonce_bytes_from_record();
+ if(msg_length < aead->minimum_final_size())
+ throw Decoding_Error("AEAD packet is shorter than the tag");
+
const size_t ptext_size = aead->output_length(msg_length);
aead->set_associated_data_vec(
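Review bot: The new length check depends on `msg_length`, which the context line just above it computes as `record_len - cs.nonce_bytes_from_record()` in unsigned arithmetic. If `record_len` can be smaller than the per-record nonce length at this point, the subtraction wraps to a very large value, the `minimum_final_size()` comparison passes, and `msg` already points past the record data. The hunk does not show that bound being enforced; it may be checked earlier in decrypt_record, whose body starts and ends outside the hunk. If it is not, a guard placed before `msg` is derived would cover it: `if(record_len < cs.nonce_bytes_from_record()) throw Decoding_Error("AEAD packet is shorter than the nonce");`. A one-line comment on the added check, such as `// reject truncated records here so they fail as a decode error rather than an assertion`, would also keep the reason from the commit message next to the code.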