commit 919e596c05c14f7754655b970c5fab47824a2bd5
author Ronald Cron <ronald.cron@arm.com> Thu Feb 08 15:48:29 2024 +0100
committer Ronald Cron <ronald.cron@arm.com> Fri Mar 01 09:29:16 2024 +0100
tree fdb472fd2e63f50c1a858c910fd9fccd388b2ff2
parent 2160bfe4e23af0c290c23a0c7d83637fb7adb658

Enforce maximum size of early data when rejected

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 2a6d434..6c508d6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4005,7 +4005,11 @@
                  MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD)) {
                 MBEDTLS_SSL_DEBUG_MSG(
                     3, ("EarlyData: deprotect and discard app data records."));
-                /* TODO: Add max_early_data_size check here, see issue 6347 */
+
+                ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
+                if (ret != 0) {
+                    return ret;
+                }
                 ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
             }
 #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */