Fix the alias checks in dtls_record.c.

I forgot to save this file. Change-Id: I8540839fac2a7f426aebd7f2cb85baba337efd37 Reviewed-on: https://boringssl-review.googlesource.com/8234 Reviewed-by: Adam Langley <agl@google.com>
2016-06-09 16:38:00 -04:00 · 2016-06-09 16:38:00 -04:00 · 95d7a498cc
commit 95d7a498cc
parent bf1905a910
1 changed files with 6 additions and 6 deletions
--- a/ssl/dtls_record.c
+++ b/ssl/dtls_record.c
@ -118,6 +118,7 @@
 #include <openssl/err.h>

 #include "internal.h"
+#include "../crypto/internal.h"


 /* to_u64_be treats |in| as a 8-byte big-endian integer and returns the value as
@ -251,6 +252,11 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type, CBS *out,
 int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
                     uint8_t type, const uint8_t *in, size_t in_len,
                     enum dtls1_use_epoch_t use_epoch) {
+  if (buffers_alias(in, in_len, out, max_out)) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
+    return 0;
+  }
+
  /* Determine the parameters for the current epoch. */
  uint16_t epoch = ssl->d1->w_epoch;
  SSL_AEAD_CTX *aead = ssl->s3->aead_write_ctx;
@ -268,12 +274,6 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
    OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
    return 0;
  }
-  /* Check the record header does not alias any part of the input.
-   * |SSL_AEAD_CTX_seal| will internally enforce other aliasing requirements. */
-  if (in < out + DTLS1_RT_HEADER_LENGTH && out < in + in_len) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
-    return 0;
-  }

  out[0] = type;