Check that a TLSv1.3 encrypted message has an app data content type

author Matt Caswell <matt@openssl.org>

Thu, 11 May 2017 09:16:08 +0000 (10:16 +0100)

committer Matt Caswell <matt@openssl.org>

Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
author Matt Caswell <matt@openssl.org>
Thu, 11 May 2017 09:16:08 +0000 (10:16 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c

index 806ef434697c700489b57029f8c5db8fdef1e227..4b36f49b6d5f34982abc4152b9efa5bc7fe876d3 100644 (file)
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -618,7 +618,8 @@ int ssl3_get_record(SSL *s)
          if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
              size_t end;
  
-            if (thisrr->length == 0) {
+            if (thisrr->length == 0
+                    || thisrr->type != SSL3_RT_APPLICATION_DATA) {
                  al = SSL_AD_UNEXPECTED_MESSAGE;
                  SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
                  goto f_err;
author	Matt Caswell <matt@openssl.org>
	Thu, 11 May 2017 09:16:08 +0000 (10:16 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)