Fail cleanly on unhandled case
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e72aa3e..4edf19a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2688,6 +2688,17 @@
 
     SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
 
+    if( frag_len + 12 < ssl->in_msglen )
+    {
+        /*
+         * We'got more handshake messages in the same record.
+         * This case is not handled now because no know implementation does
+         * that and it's hard to test, so we prefer to fail cleanly for now.
+         */
+        SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) );
+        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
+
     if( ssl->in_left > ssl->next_record_offset )
     {
         /*
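Review bot: The added guard `if( frag_len + 12 < ssl->in_msglen )` hard-codes 12, presumably the DTLS handshake header length, and rejects only the case where the record is longer than the final fragment. Both operands appear to derive from peer-supplied data, so please confirm that the opposite case (`frag_len + 12 > ssl->in_msglen`) is already rejected earlier in this function, whose body starts and ends outside the hunk. Replacing the literal with a named constant (or an existing header-length helper, if the file has one) would keep this check in step with the other length checks. The new early return sits after the "handshake message completed" point, so it is also worth checking that any reassembly state held at that stage is released or reset on this error path; nothing in the hunk shows it. The comment has two typos: it should read `We've got more handshake messages in the same record.` and `no known implementation does`.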