author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-06-21 11:56:19 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-06-21 11:56:19 +0400 |
commit | b8f62d6de66757fb53d10295ff41d85cfdd7b97d (patch) | |
tree | 1f310aa8dac2f6a42985d46df93e9b3a44bcefe0 /core/src/main/java/org/bouncycastle | |
parent | e1ab1d1e6a5492aa369d03433aa52171038c8353 (diff) |
- Check there are no alert or handshake fragments remaining when a
change_cipher_spec is processed
- Guard against heartbeat packets during the handshake (although
heartbeat protocol is not implemented yet anyway)
Diffstat (limited to 'core/src/main/java/org/bouncycastle')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java index 9e6d73ae..02629056 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java @@ -53,6 +53,7 @@ public abstract class TlsProtocol private ByteQueue applicationDataQueue = new ByteQueue(); private ByteQueue alertQueue = new ByteQueue(2); private ByteQueue handshakeQueue = new ByteQueue(); +// private ByteQueue heartbeatQueue = new ByteQueue(); /* * The Record Stream we use @@ -228,7 +229,13 @@ public abstract class TlsProtocol } case ContentType.heartbeat: { + if (!appDataReady) + { + throw new TlsFatalAlert(AlertDescription.unexpected_message); + } // TODO[RFC 6520] +// heartbeatQueue.addData(buf, offset, len); +// processHeartbeat(); } default: /* @@ -379,15 +386,17 @@ public abstract class TlsProtocol throw new TlsFatalAlert(AlertDescription.decode_error); } - if (this.receivedChangeCipherSpec) + if (this.receivedChangeCipherSpec + || alertQueue.size() > 0 + || handshakeQueue.size() > 0) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } + recordStream.receivedReadCipherSpec(); + this.receivedChangeCipherSpec = true; - recordStream.receivedReadCipherSpec(); - handleChangeCipherSpecMessage(); } } |
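Review bot: The `heartbeatQueue` field added in the first hunk is checked in commented out, and so are the `heartbeatQueue.addData(buf, offset, len)` and `processHeartbeat()` lines in the `ContentType.heartbeat` case of the second hunk. Commented-out code is never compiled, so it drifts silently when the surrounding names or signatures change. Since the commit message says the heartbeat protocol is not implemented yet, I would drop these lines and keep only the `// TODO[RFC 6520]` marker, adding the field together with the real handler.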
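Review bot: The `case ContentType.heartbeat:` block in the second hunk closes without a `break;`, so once the new `appDataReady` guard passes, control falls through into `default:`, whose body lies outside this hunk. That is presumably harmless while the default branch only ignores the record, but it ties post-handshake heartbeat handling to whatever `default` does and is easy to miss when the TODO is filled in. I would end the block with an explicit `break;`, or at least a `// fall through: record is ignored until RFC 6520 is implemented` comment, so the behaviour is stated rather than implied. The enclosing switch starts and ends outside the hunk.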
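Review bot: The widened condition `alertQueue.size() > 0 || handshakeQueue.size() > 0` in the third hunk has no comment saying why buffered bytes make a change_cipher_spec illegal, so the reason lives only in the commit message. A line above the `if` such as `// Reject CCS while an alert or handshake fragment is still buffered: a message must not span the cipher change.` would keep the check from being relaxed later. The hunk also moves `recordStream.receivedReadCipherSpec()` ahead of `this.receivedChangeCipherSpec = true`, which changes the state left behind if that call throws. If the new ordering is deliberate, a short comment saying so would help. The enclosing method begins outside the hunk.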