From 46483f11bfd7dd0d0ea08330a7e8e04567e2ae7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 3 May 2019 13:25:54 +0100 Subject: [PATCH] Add helper function to check validity of record content type With the introduction of the CID feature, the stack needs to be able to handle a change of record content type during record protection, which in particular means that the record content type check will need to move or be duplicated. This commit introduces a tiny static helper function which checks the validity of record content types, which hopefully makes it easier to subsequently move or duplicate this check. --- library/ssl_tls.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4ffaeb0f65..4af56f0e97 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4371,6 +4371,19 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ +static int ssl_check_record_type( uint8_t record_type ) +{ + if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE && + record_type != MBEDTLS_SSL_MSG_ALERT && + record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && + record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA ) + { + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + + return( 0 ); +} + /* * ContentType type; * ProtocolVersion version; @@ -4406,10 +4419,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) major_ver, minor_ver, ssl->in_msglen ) ); /* Check record type */ - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT && - ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) + if( ssl_check_record_type( ssl->in_msgtype ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );