Add hard assertion to mbedtls_ssl_read_record_layer This commit adds a hard assertion to mbedtls_ssl_read_record_layer triggering if both ssl->in_hslen and ssl->in_offt are not 0. This should never happen, and if it does, there's no sensible way of telling whether the previous message was a handshake or an application data message.

commit: bfbc494114074da58d555cbf01bd54b450f631e1 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Thu Jun 08 13:39:23 2017 +0100
committer: Hanno Becker <hanno.becker@arm.com> Thu Jun 08 14:04:31 2017 +0100
tree: 163e7d28667afbb3d27fa2eaa294353964d95586
parent: 6a582e80f27bf8d72b392b2501e94ee7326b8444 [diff]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index acb3bad..dafef1f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3742,6 +3742,7 @@
      *     NOTE: This needs to be fixed, since like for
      *     handshake messages it is allowed to have
      *     multiple alerts witin a single record.
+     *     Internal reference IOTSSL-1321.
      *
      * (3) Change cipher spec:
      *     Consume whole record content, in_msglen = 0.
@@ -3757,6 +3758,12 @@
 
     if( ssl->in_hslen != 0 )
     {
+        if( ssl->in_offt != NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
         /*
          * Get next Handshake message in the current record
          */
commit	bfbc494114074da58d555cbf01bd54b450f631e1	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Thu Jun 08 13:39:23 2017 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Thu Jun 08 14:04:31 2017 +0100
tree	163e7d28667afbb3d27fa2eaa294353964d95586
parent	6a582e80f27bf8d72b392b2501e94ee7326b8444 [diff]