commit 7aa24190b498f7bba2946e49e2d1f0c38ba90e83
author Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 23 20:09:48 2017 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 23 20:09:48 2017 +0100
tree 551b7ee66ed7b0e1970d638fb359ffd250c49f52
parent ea0aa655f6dde0007e0b6bd8ec49debed203aa79
parent 797c0843942844e0661467e63da2d7375c500b6e

Merge remote-tracking branch 'upstream-public/pr/1107' into mbedtls-2.1

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 0e9fa29..a28eea0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,17 +2,6 @@
 
 = mbed TLS 2.1.10 branch released 2017-xx-xx
 
-Bugfix
-   * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
-     Found by projectgus and jethrogb, #836.
-   * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
-   * Parse signature algorithm extension when renegotiating. Previously,
-     renegotiated handshakes would only accept signatures using SHA-1
-     regardless of the peer's preferences, or fail if SHA-1 was disabled.
-   * Fix leap year calculation in x509_date_is_valid() to ensure that invalid
-     dates on leap years with 100 and 400 intervals are handled correctly. Found
-     by Nicholas Wilson. #694
-
 Security
    * Fix a potential heap buffer overflow in mbedtls_ssl_write. When the (by
      default enabled) maximum fragment length extension is disabled in the
@@ -23,6 +12,19 @@
      was independently reported by Tim Nordell via e-mail and by Florin Petriuc
      and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707.
 
+Bugfix
+   * Fix ssl_parse_record_header() to silently discard invalid DTLS records
+     as recommended in RFC 6347 Section 4.1.2.7.
+   * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
+     Found by projectgus and jethrogb, #836.
+   * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
+   * Parse signature algorithm extension when renegotiating. Previously,
+     renegotiated handshakes would only accept signatures using SHA-1
+     regardless of the peer's preferences, or fail if SHA-1 was disabled.
+   * Fix leap year calculation in x509_date_is_valid() to ensure that invalid
+     dates on leap years with 100 and 400 intervals are handled correctly. Found
+     by Nicholas Wilson. #694
+
 = mbed TLS 2.1.9 branch released 2017-08-10
 
 Security

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d95180d..79fb9a7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3458,7 +3458,6 @@
  */
 static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
 {
-    int ret;
     int major_ver, minor_ver;
 
     MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
@@ -3480,12 +3479,13 @@
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
 
-        if( ( ret = mbedtls_ssl_send_alert_message( ssl,
-                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
-        {
-            return( ret );
-        }
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        /* Silently ignore invalid DTLS records as recommended by RFC 6347
+         * Section 4.1.2.7 */
+        if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                    MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
 
         return( MBEDTLS_ERR_SSL_INVALID_RECORD );
     }