Pend one alert in case wrong EXT_EARLY_DATA length
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index f68b240..4935fbf 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2542,9 +2542,18 @@
{
case MBEDTLS_TLS_EXT_EARLY_DATA:
MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
- if( extension_data_len == 4 && ssl->session != NULL )
+ if( extension_data_len != 4 )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
+ if( ssl->session != NULL )
+ {
ssl->session->ticket_flags |=
MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA;
+ }
break;
default: