Check for empty non-application_data records in RecordStream

author: Peter Dettman <peter.dettman@bouncycastle.org> 2013-06-22 13:09:33 +0400
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2013-06-22 13:09:33 +0400
commit: c92398145faf66b5c301e1cdd00370bf255389a5 (patch)
tree: 9beb019b8bb9ade0b1670420cf68f04a2f5a5f6e /core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
parent: a0e6b53a17910454067e5d28ba9b72bd0432a812 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java b/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
index f74ef083..684eb1fc 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
@@ -203,6 +203,15 @@ class RecordStream
          */
         checkLength(decoded.length, plaintextLimit, AlertDescription.decompression_failure);
 
+        /*
+         * RFC 5264 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert,
+         * or ChangeCipherSpec content types.
+         */
+        if (decoded.length < 1 && type != ContentType.application_data)
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
         return decoded;
     }
author	Peter Dettman <peter.dettman@bouncycastle.org>	2013-06-22 13:09:33 +0400
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2013-06-22 13:09:33 +0400
commit	c92398145faf66b5c301e1cdd00370bf255389a5 (patch)
tree	9beb019b8bb9ade0b1670420cf68f04a2f5a5f6e /core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
parent	a0e6b53a17910454067e5d28ba9b72bd0432a812 (diff)