Ignore large DTLS ciphertexts

author: Jack Lloyd <[email protected]> 2019-05-23 16:59:42 -0400
committer: Jack Lloyd <[email protected]> 2019-05-23 16:59:42 -0400
commit: b9faaea51579cb4a01b6923cade34f34931cbd18 (patch)
tree: 4b8e41437eede0c1f95ef5dbd129a37615dfe06b /src/lib/tls
parent: af3368f47bbb89411acfb360e1f8ebc0070a20f7 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 6f5f1da4e..730751855 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -442,8 +442,12 @@ size_t read_dtls_record(secure_vector<uint8_t>& readbuf,
                                           readbuf[DTLS_HEADER_SIZE-1]);
 
    if(record_size > MAX_CIPHERTEXT_SIZE)
-      throw TLS_Exception(Alert::RECORD_OVERFLOW,
-                          "Got message that exceeds maximum size");
+      {
+      // Too large to be valid, ignore it
+      readbuf.clear();
+      *rec.get_type() = NO_RECORD;
+      return 0;
+      }
 
    if(fill_buffer_to(readbuf, raw_input.get_data(), raw_input.get_size(), raw_input.get_consumed(), DTLS_HEADER_SIZE + record_size))
       {
author	Jack Lloyd <[email protected]>	2019-05-23 16:59:42 -0400
committer	Jack Lloyd <[email protected]>	2019-05-23 16:59:42 -0400
commit	b9faaea51579cb4a01b6923cade34f34931cbd18 (patch)
tree	4b8e41437eede0c1f95ef5dbd129a37615dfe06b /src/lib/tls
parent	af3368f47bbb89411acfb360e1f8ebc0070a20f7 (diff)