From 6efd143cc20073dea4cf8d1b5dccc6cecb219512 Mon Sep 17 00:00:00 2001
From: Martin Thomson
Date: Wed, 13 Feb 2019 08:49:16 +1100
Subject: [PATCH] Bug 1520459 - Send decode_error for padded record_size_limit extension, r=jcj
Summary: This is all I plan to do for this bug.
Reviewers: jcj
Tags: #secure-revision
Bug #: 1520459
Differential Revision: https://phabricator.services.mozilla.com/D19576
--HG--
extra : amend_source : cbc830e8861fb691b0500b773a96b8dc24db4fab
---
 gtests/ssl_gtest/ssl_recordsize_unittest.cc | 10 ++++++++++
 lib/ssl/ssl3exthandle.c | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/gtests/ssl_gtest/ssl_recordsize_unittest.cc b/gtests/ssl_gtest/ssl_recordsize_unittest.cc
index 0a54ae1a80..c9149bcd94 100644
--- a/gtests/ssl_gtest/ssl_recordsize_unittest.cc
+++ b/gtests/ssl_gtest/ssl_recordsize_unittest.cc
@@ -397,6 +397,16 @@ TEST_P(TlsConnectGeneric, RecordSizeServerExtensionInvalid) {
   ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
 }
 
+TEST_P(TlsConnectGeneric, RecordSizeServerExtensionExtra) {
+  EnsureTlsSetup();
+  server_->SetOption(SSL_RECORD_SIZE_LIMIT, 1000);
+  static const uint8_t v[] = {0x01, 0x00, 0x00};
+  auto replace = MakeTlsFilter(
+      server_, ssl_record_size_limit_xtn, DataBuffer(v, sizeof(v)));
+  replace->EnableDecryption();
+  ConnectExpectAlert(client_, kTlsAlertDecodeError);
+}
+
 class RecordSizeDefaultsTest : public ::testing::Test {
  public:
   void SetUp() {
diff --git a/lib/ssl/ssl3exthandle.c b/lib/ssl/ssl3exthandle.c
index a2d83fa97a..e25a8f887f 100644
--- a/lib/ssl/ssl3exthandle.c
+++ b/lib/ssl/ssl3exthandle.c
@@ -1927,7 +1927,7 @@ ssl_HandleRecordSizeLimitXtn(const sslSocket *ss, TLSExtensionData *xtnData,
         return SECFailure;
     }
     if (data->len != 0 || limit < 64) {
-        ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
         PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
         return SECFailure;
     }
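Review bot: The payload in `static const uint8_t v[] = {0x01, 0x00, 0x00};` is the whole point of RecordSizeServerExtensionExtra, but nothing says why three bytes are malformed; a reader has to know the extension is a 2-byte limit. Suggest `// A valid 2-byte limit (256) followed by one trailing byte: the client must reject the extension with decode_error.` above that line. The `MakeTlsFilter(` call shows no template argument as rendered here, which presumably is a rendering loss rather than the committed text; worth a glance that the filter type survived in the actual file.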
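Review bot: The replaced alert line sits under `if (data->len != 0 || limit < 64)`, so a well-formed limit below 64 now also produces decode_error, whereas RFC 8449 §4 calls for illegal_parameter when the value is smaller than 64 and decode_error belongs only to the trailing-bytes case the commit title describes. The two conditions should be split so each keeps the alert that matches its failure. The context at the top of the test hunk still shows RecordSizeServerExtensionInvalid expecting kTlsAlertIllegalParameter; if that test sends a sub-64 limit (not visible here), this hunk changes its outcome. ssl_HandleRecordSizeLimitXtn begins and ends outside the hunk.
```c
    /* … unchanged: limit read and its SECFailure return … */
    if (data->len != 0) {
        /* Trailing bytes after the 2-byte limit: malformed encoding. */
        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
        PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
        return SECFailure;
    }
    if (limit < 64) {
        /* Well-formed but out-of-range value: RFC 8449 requires illegal_parameter. */
        ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
        PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
        return SECFailure;
    }
```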