Skip to content

Commit

Permalink
Merge pull request #7638 from gasbytes/patch
Browse files Browse the repository at this point in the history
added check if the buf is at least RECORD_HEADER_SZ
  • Loading branch information
douzzer authored Jun 13, 2024
2 parents 897d55f + 88527a3 commit 385a097
Showing 1 changed file with 15 additions and 4 deletions.
19 changes: 15 additions & 4 deletions src/quic.c
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ static word32 add_rec_header(byte* output, word32 length, byte type)
return RECORD_HEADER_SZ;
}

static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
{
word32 len = qr->end - qr->start;
word32 offset = 0;
Expand All @@ -197,6 +197,12 @@ static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
if (len <= 0) {
return 0;
}

/* We check if the buf is at least RECORD_HEADER_SZ */
if (sz < RECORD_HEADER_SZ) {
return -1;
}

if (qr->rec_hdr_remain == 0) {
/* start a new TLS record */
rlen = (qr->len <= (word32)MAX_RECORD_SIZE) ?
Expand All @@ -218,7 +224,7 @@ static word32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz)
qr->start += len;
qr->rec_hdr_remain -= len;
}
return len + offset;
return (sword32)(len + offset);
}


Expand Down Expand Up @@ -766,14 +772,19 @@ int wolfSSL_provide_quic_data(WOLFSSL* ssl, WOLFSSL_ENCRYPTION_LEVEL level,
/* Called internally when SSL wants a certain amount of input. */
int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
{
word32 n = 0;
sword32 n = 0;
int transferred = 0;

WOLFSSL_ENTER("wolfSSL_quic_receive");
while (sz > 0) {
n = 0;
if (ssl->quic.input_head) {
n = quic_record_transfer(ssl->quic.input_head, buf, sz);

/* record too small to be fit into a RecordLayerHeader struct. */
if (n == -1) {
return -1;
}
if (quic_record_done(ssl->quic.input_head)) {
QuicRecord* qr = ssl->quic.input_head;
ssl->quic.input_head = qr->next;
Expand All @@ -791,7 +802,7 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz)
ssl->error = transferred = WANT_READ;
goto cleanup;
}
sz -= n;
sz -= (word32)n;
buf += n;
transferred += (int)n;
}
Expand Down

0 comments on commit 385a097

Please sign in to comment.