From a4bb3ceba2063b1f704c8e72aee78288f5a7e74f Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Sun, 26 Nov 2017 22:06:16 -0500
Subject: Throw a Decoding_Error if TLS AEAD packet is shorter than the tag.

Otherwise this ended up as an assertion failure which translated
to internal_error alert.
---
 src/lib/tls/tls_record.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 4986a7103..996abbfc4 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -302,6 +302,9 @@ void decrypt_record(secure_vector<uint8_t>& output,
    const uint8_t* msg = &record_contents[cs.nonce_bytes_from_record()];
    const size_t msg_length = record_len - cs.nonce_bytes_from_record();
 
+   if(msg_length < aead->minimum_final_size())
+      throw Decoding_Error("AEAD packet is shorter than the tag");
+
    const size_t ptext_size = aead->output_length(msg_length);
 
    aead->set_associated_data_vec(
-- 
cgit v1.2.3