From f97e6a9b250eb0550248ab5d2d32cfdbd34b9209 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Thu, 29 Aug 2019 12:03:48 -0400 Subject: [PATCH] Don't process an incomplete message --- ssl/statem/statem_quic.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ssl/statem/statem_quic.c b/ssl/statem/statem_quic.c index 80d5406b1a4bc..72a89a1ebaffc 100644 --- a/ssl/statem/statem_quic.c +++ b/ssl/statem/statem_quic.c @@ -18,24 +18,24 @@ NON_EMPTY_TRANSLATION_UNIT int quic_get_message(SSL *s, int *mt, size_t *len) { size_t l; - QUIC_DATA *qd; + QUIC_DATA *qd = s->quic_input_data_head; uint8_t *p; - if (s->quic_input_data_head == NULL) { + if (qd == NULL || (qd->length - qd->offset) != 0) { s->rwstate = SSL_READING; *len = 0; return 0; } /* This is where we check for the proper level, not when data is given */ - if (s->quic_input_data_head->level != s->quic_read_level) { + if (qd->level != s->quic_read_level) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_GET_MESSAGE, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); *len = 0; return 0; } - if (!BUF_MEM_grow_clean(s->init_buf, (int)s->quic_input_data_head->length)) { + if (!BUF_MEM_grow_clean(s->init_buf, (int)qd->length)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_GET_MESSAGE, ERR_R_BUF_LIB); *len = 0; @@ -43,7 +43,6 @@ int quic_get_message(SSL *s, int *mt, size_t *len) } /* Copy buffered data */ - qd = s->quic_input_data_head; memcpy(s->init_buf->data, (void*)(qd + 1), qd->length); s->init_buf->length = qd->length; s->quic_input_data_head = qd->next;