kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Prevent writing when write_shutdown is set. 

Ideally we'd put this deep in the record layer, but sending alerts
currently awkwardly sets the field early, so we can't quite lock it out
this deep down.

This is mostly a sanity-check, but a later CL will fix SSL_shutdown's
post-handshake message processing, so this will help catch errors there.

Change-Id: I78e627c19547dbcdc85fb168795240d692baf031
Reviewed-on: https://boringssl-review.googlesource.com/21884
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 7 years ago
committed by CQ bot account: commit-bot@chromium.org
parent
d9229f9802
commit
e8d0746b88
5 changed files with 22 additions and 2 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +5
    -0
      ssl/d1_both.cc
  2. +5
    -0
      ssl/d1_pkt.cc
  3. +5
    -0
      ssl/s3_both.cc
  4. +5
    -0
      ssl/s3_pkt.cc
  5. +2
    -2
      ssl/tls_record.cc

+ 5
- 0
ssl/d1_both.cc View File

@@ -780,6 +780,11 @@ packet_full:
}

static int send_flight(SSL *ssl) {
if (ssl->s3->write_shutdown != ssl_shutdown_none) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
}

dtls1_update_mtu(ssl);

int ret = -1;


+ 5
- 0
ssl/d1_pkt.cc View File

@@ -213,6 +213,11 @@ int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake,
assert(!SSL_in_init(ssl));
*out_needs_handshake = false;

if (ssl->s3->write_shutdown != ssl_shutdown_none) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
}

if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DTLS_MESSAGE_TOO_BIG);
return -1;


+ 5
- 0
ssl/s3_both.cc View File

@@ -233,6 +233,11 @@ int ssl3_flush_flight(SSL *ssl) {
return 1;
}

if (ssl->s3->write_shutdown != ssl_shutdown_none) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
}

if (ssl->s3->pending_flight->length > 0xffffffff ||
ssl->s3->pending_flight->length > INT_MAX) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);


+ 5
- 0
ssl/s3_pkt.cc View File

@@ -133,6 +133,11 @@ int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,

*out_needs_handshake = false;

if (ssl->s3->write_shutdown != ssl_shutdown_none) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
}

unsigned tot, n, nw;

assert(ssl->s3->wnum <= INT_MAX);


+ 2
- 2
ssl/tls_record.cc View File

@@ -476,8 +476,8 @@ static bool tls_seal_scatter_suffix_len(const SSL *ssl, size_t *out_suffix_len,
// |tls_seal_scatter_record| implements TLS 1.0 CBC 1/n-1 record splitting and
// may write two records concatenated.
static int tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
uint8_t *out_suffix, uint8_t type,
const uint8_t *in, size_t in_len) {
uint8_t *out_suffix, uint8_t type,
const uint8_t *in, size_t in_len) {
if (type == SSL3_RT_APPLICATION_DATA && in_len > 1 &&
ssl_needs_record_splitting(ssl)) {
assert(ssl->s3->aead_write_ctx->ExplicitNonceLen() == 0);


Write Preview
Loading…
Cancel
Save