tls: check size on "MAC-only, no crypt" code path too

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-01-20 21:23:10 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-01-20 21:23:10 +0100
commit: 0af5265180877f4e8fbf8f1d9f2999b3fd2205d3 (patch)
tree: ced2821d729e10bfeef9101143fa0f412400cd26 /networking
parent: 54b927d78bfdac54873513fb1dd992a7758d29c8 (diff)
download: busybox-0af5265180877f4e8fbf8f1d9f2999b3fd2205d3.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/networking/tls.c b/networking/tls.c
index fb49b1523..80e3bc662 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -810,14 +810,15 @@ static int tls_xread_record(tls_state_t *tls)
 		dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
 		padding_len++;
 		sz -= SHA256_OUTSIZE + padding_len; /* drop MAC and padding */
-		if (sz < 0) {
-			bb_error_msg_and_die("bad padding size:%u", padding_len);
-		}
+		//if (sz < 0)
+		//	bb_error_msg_and_die("bad padding size:%u", padding_len);
 	} else {
 		/* if nonzero, then it's TLS_RSA_WITH_NULL_SHA256: drop MAC */
 		/* else: no encryption yet on input, subtract zero = NOP */
 		sz -= tls->min_encrypted_len_on_read;
 	}
+	if (sz < 0)
+		bb_error_msg_and_die("encrypted data too short");
 
 	//dump_hex("<< %s\n", tls->inbuf, RECHDR_LEN + sz);
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 21:23:10 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 21:23:10 +0100
commit	0af5265180877f4e8fbf8f1d9f2999b3fd2205d3 (patch)
tree	ced2821d729e10bfeef9101143fa0f412400cd26 /networking
parent	54b927d78bfdac54873513fb1dd992a7758d29c8 (diff)
download	busybox-0af5265180877f4e8fbf8f1d9f2999b3fd2205d3.tar.gz