commit 4cf369b9204f066e0ffac8fa583bd19e72c82592
author David Benjamin <davidben@chromium.org> Sat Aug 22 01:35:43 2015 -0400
committer Adam Langley <agl@google.com> Fri Aug 28 22:03:00 2015 +0000
tree a765ba5fe6cbea8528f33a693146b82cab4440fe
parent b8d28cf532e6dde3d5684ededb3878b05e692e00

Reject empty records of unexpected type.

The old empty record logic discarded the records at a very low-level.
Let the error bubble up to ssl3_read_bytes so the type mismatch logic
may kick in before the empty record is skipped.

Add tests for when the record in question is application data, before
before the handshake and post ChangeCipherSpec.

BUG=521840

Change-Id: I47dff389cda65d6672b9be39d7d89490331063fa
Reviewed-on: https://boringssl-review.googlesource.com/5754
Reviewed-by: Adam Langley <agl@google.com>

ssl/d1_pkt.c

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 6681490..81e9b0a 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -154,15 +154,6 @@
     case ssl_open_record_success:
       ssl_read_buffer_consume(ssl, consumed);
 
-      /* Discard empty records.
-       * TODO(davidben): This logic should be moved to a higher level. See
-       * https://crbug.com/521840.
-       * TODO(davidben): Limit the number of empty records as in TLS? This is
-       * useful if we also limit discarded packets. */
-      if (len == 0) {
-        goto again;
-      }
-
       if (len > 0xffff) {
         OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
         return -1;
@@ -316,6 +307,11 @@
       goto f_err;
     }
 
+    /* Discard empty records. */
+    if (rr->length == 0) {
+      goto start;
+    }
+
     if (len <= 0) {
       return len;
     }