2 files changed, 16 insertions, 18 deletions

diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index 91aaae206..12fc564f0 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -155,16 +155,6 @@ size_t Channel::received_data(const byte buf[], size_t buf_size)
                                                 m_current_version,
                                                 m_read_cipherstate.get());
 
-         if(needed == 0) // full message decoded
-            {
-            if(record.size() > m_max_fragment)
-               throw TLS_Exception(Alert::RECORD_OVERFLOW,
-                                   "Plaintext record is too large");
-
-            record_number = m_read_seq_no;
-            m_read_seq_no += 1;
-            }
-
          BOTAN_ASSERT(consumed <= buf_size,
                       "Record reader consumed sane amount");
 
@@ -177,6 +167,13 @@ size_t Channel::received_data(const byte buf[], size_t buf_size)
          if(buf_size == 0 && needed != 0)
             return needed; // need more data to complete record
 
+         if(record.size() > m_max_fragment)
+            throw TLS_Exception(Alert::RECORD_OVERFLOW,
+                                "Plaintext record is too large");
+
+         record_number = m_read_seq_no;
+         m_read_seq_no += 1;
+
          if(rec_type == HANDSHAKE || rec_type == CHANGE_CIPHER_SPEC)
             {
             if(!m_state)
diff --git a/src/tls/tls_record.cpp b/src/tls/tls_record.cpp
index 4a031f626..5ecd226a4 100644
--- a/src/tls/tls_record.cpp
+++ b/src/tls/tls_record.cpp
@@ -344,20 +344,21 @@ size_t read_record(std::vector<byte>& readbuf,
          " from counterparty");
       }
 
-   if(version.is_datagram_protocol())
+   Protocol_Version record_version(readbuf[1], readbuf[2]);
+
+   if(record_version.is_datagram_protocol())
       msg_sequence = load_be<u64bit>(&readbuf[3], 0);
 
    const size_t record_len = make_u16bit(readbuf[header_size-2],
                                          readbuf[header_size-1]);
 
-   if(version.major_version())
+   if(version.valid() && record_version != version)
       {
-      if(readbuf[1] != version.major_version() ||
-         readbuf[2] != version.minor_version())
-         {
-         throw TLS_Exception(Alert::PROTOCOL_VERSION,
-                             "Got unexpected version from counterparty");
-         }
+      throw TLS_Exception(Alert::PROTOCOL_VERSION,
+                          "Got record with version " +
+                          record_version.to_string() +
+                          " expected " +
+                          version.to_string());
       }
 
    if(record_len > MAX_CIPHERTEXT_SIZE)