TLSv1.3 alerts cannot be fragmented and only one per record

We should be validating that. Reviewed-by: N Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)

TLSv1.3 alerts cannot be fragmented and only one per record
We should be validating that. Reviewed-by: N Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
0b367d79 · Matt Caswell · 3c544acc · 0b367d79 · 0b367d79 · 0b367d79
隐藏空白更改
内联并排

Showing with 16 addition and 0 deletion

include/openssl/ssl.h include/openssl/ssl.h +1 -0

ssl/record/rec_layer_s3.c ssl/record/rec_layer_s3.c +14 -0

ssl/ssl_err.c ssl/ssl_err.c +1 -0

未找到文件。
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2650,6 +2650,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_INAPPROPRIATE_FALLBACK                     373
 # define SSL_R_INCONSISTENT_COMPRESSION                   340
 # define SSL_R_INCONSISTENT_EXTMS                         104
+# define SSL_R_INVALID_ALERT                              205
 # define SSL_R_INVALID_COMMAND                            280
 # define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
 # define SSL_R_INVALID_CONFIGURATION_NAME                 113

--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1422,6 +1422,20 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
            if (SSL3_RECORD_get_length(rr) == 0)
                SSL3_RECORD_set_read(rr);

+            if (SSL_IS_TLS13(s)
+                    && SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+                if (*dest_len < dest_maxlen
+                        || SSL3_RECORD_get_length(rr) != 0) {
+                    /*
+                     * TLSv1.3 forbids fragmented alerts, and only one alert
+                     * may be present in a record
+                     */
+                    al = SSL_AD_UNEXPECTED_MESSAGE;
+                    SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INVALID_ALERT);
+                    goto f_err;
+                }
+            }
+
            if (*dest_len < dest_maxlen)
                goto start;     /* fragment was too small */
        }

--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -609,6 +609,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
    {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
    {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
    {ERR_REASON(SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
+    {ERR_REASON(SSL_R_INVALID_ALERT), "invalid alert"},
    {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
    {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),
     "invalid compression algorithm"},