author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-22 13:09:33 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-22 13:09:33 +0400 |
commit | c92398145faf66b5c301e1cdd00370bf255389a5 (patch) | |
tree | 9beb019b8bb9ade0b1670420cf68f04a2f5a5f6e /core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java | |
parent | a0e6b53a17910454067e5d28ba9b72bd0432a812 (diff) |
Check for empty non-application_data records in RecordStream
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java b/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
index f74ef083..684eb1fc 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java
@@ -203,6 +203,15 @@ class RecordStream
 */
 checkLength(decoded.length, plaintextLimit, AlertDescription.decompression_failure);
+ /*
+ * RFC 5264 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert,
+ * or ChangeCipherSpec content types.
+ */
+ if (decoded.length < 1 && type != ContentType.application_data)
+ {
+ throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+ }
+
 return decoded;
 }
|
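Review bot: The comment added above the new check cites `RFC 5264 6.2.1`, but the sentence it quotes is from RFC 5246 (TLS 1.2) section 6.2.1, so the reference should read `RFC 5246 6.2.1`. The comment would also be more useful if it said why application_data is exempt: the same section permits zero-length application data fragments as a traffic-analysis countermeasure, so code above this layer still has to tolerate empty application_data records. The condition rejects every type other than application_data, which is stricter than the three types the RFC names; that looks intentional, but a short remark such as `// any non-application_data type, including unknown ones, must carry at least one byte` would make it explicit. The enclosing method starts outside the hunk, so whether `type` has already been checked against the known content types cannot be seen from here.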