Fix DTLS HelloVerify message decoding

author: lloyd <[email protected]> 2012-08-02 18:01:10 +0000
committer: lloyd <[email protected]> 2012-08-02 18:01:10 +0000
commit: 8945ad6c6647dccce403e0093e0f134537e2d3f4 (patch)
tree: e1d800a8f1b9ed3fa1cb8563e4b971999ce9af8a /src
parent: f2afee696302e74e1516fec9f212e6615521dc07 (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/src/tls/hello_verify.cpp b/src/tls/hello_verify.cpp
index c735d9987..19597e9df 100644
--- a/src/tls/hello_verify.cpp
+++ b/src/tls/hello_verify.cpp
@@ -18,11 +18,19 @@ Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& buf)
    if(buf.size() < 3)
       throw Decoding_Error("Hello verify request too small");
 
-   if(buf[0] != 254 || (buf[1] != 255 && buf[1] != 253))
+   Protocol_Version version(buf[0], buf[1]);
+
+   if(version != Protocol_Version::DTLS_V10 &&
+      version != Protocol_Version::DTLS_V12)
+      {
       throw Decoding_Error("Unknown version from server in hello verify request");
+      }
+
+   if(static_cast<size_t>(buf[2]) + 3 != buf.size())
+      throw Decoding_Error("Bad length in hello verify request");
 
-   m_cookie.resize(buf.size() - 2);
-   copy_mem(&m_cookie[0], &buf[2], buf.size() - 2);
+   m_cookie.resize(buf.size() - 3);
+   copy_mem(&m_cookie[0], &buf[3], buf.size() - 3);
    }
 
 Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& client_hello_bits,
@@ -52,6 +60,7 @@ std::vector<byte> Hello_Verify_Request::serialize() const
    std::vector<byte> bits;
    bits.push_back(format_version.major_version());
    bits.push_back(format_version.minor_version());
+   bits.push_back(static_cast<byte>(m_cookie.size()));
    bits += m_cookie;
    return bits;
    }
author	lloyd <[email protected]>	2012-08-02 18:01:10 +0000
committer	lloyd <[email protected]>	2012-08-02 18:01:10 +0000
commit	8945ad6c6647dccce403e0093e0f134537e2d3f4 (patch)
tree	e1d800a8f1b9ed3fa1cb8563e4b971999ce9af8a /src
parent	f2afee696302e74e1516fec9f212e6615521dc07 (diff)