From fc4c15faa462c1a4cbf002f214f6503e629e7a20 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 11 May 2017 10:34:25 +0100
Subject: [PATCH] TLSv1.3 alert and handshake messages can never be 0 length

We abort if we read a message like this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)
---
 ssl/record/ssl3_record.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 4b36f49b6d..aea52fd7fa 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -644,6 +644,15 @@ int ssl3_get_record(SSL *s)
                                 &thisrr->data[end], 1, s, s->msg_callback_arg);
         }
 
+        if (SSL_IS_TLS13(s)
+                && (thisrr->type == SSL3_RT_HANDSHAKE
+                    || thisrr->type == SSL3_RT_ALERT)
+                && thisrr->length == 0) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_LENGTH);
+            goto f_err;
+        }
+
         if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
             al = SSL_AD_RECORD_OVERFLOW;
             SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
-- 
2.25.1