Skip to content

Commit c20c632

Browse files
authored
Merge pull request #64 from mrdeep1/fixes_59b
dtls.c: Reject any fragmented handshake until fragmentation supported
2 parents 7964330 + 2609dac commit c20c632

1 file changed

Lines changed: 15 additions & 0 deletions

File tree

dtls.c

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3676,6 +3676,9 @@ handle_handshake(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session,
36763676
{
36773677
dtls_handshake_header_t *hs_header;
36783678
int res;
3679+
size_t packet_length;
3680+
size_t fragment_length;
3681+
size_t fragment_offset;
36793682

36803683
if (data_length < DTLS_HS_LENGTH) {
36813684
dtls_warn("handshake message too short\n");
@@ -3686,6 +3689,18 @@ handle_handshake(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session,
36863689
dtls_debug("received handshake packet of type: %s (%i)\n",
36873690
dtls_handshake_type_to_name(hs_header->msg_type), hs_header->msg_type);
36883691

3692+
packet_length = dtls_uint24_to_int(hs_header->length);
3693+
fragment_length = dtls_uint24_to_int(hs_header->fragment_length);
3694+
fragment_offset = dtls_uint24_to_int(hs_header->fragment_offset);
3695+
if (packet_length != fragment_length || fragment_offset != 0) {
3696+
dtls_warn("No fragment support (yet)\n");
3697+
return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
3698+
}
3699+
if (fragment_length + DTLS_HS_LENGTH != data_length) {
3700+
dtls_warn("Fragment size does not match packet size\n");
3701+
return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
3702+
}
3703+
36893704
if (!peer || !peer->handshake_params) {
36903705
/* This is the initial ClientHello */
36913706
if (hs_header->msg_type != DTLS_HT_CLIENT_HELLO && !peer) {

0 commit comments

Comments
 (0)