shithub: drawterm

Download patch

ref: 61ee60d7237b285d36ad0130fbb7caf7fca7804a
parent: 67284dd2c09c74ea425f4ded41a90b640b607eae
author: cinap_lenrek <[email protected]>
date: Mon Nov 8 20:55:47 EST 2021

devtls: reject zero length records (thanks sigrid)

zero length record causes ensure() todo nothing,
while qgrab() assumes there is at least one buffer
in the queue and would dereference the nil buffer.

--- a/kern/devtls.c
+++ b/kern/devtls.c
@@ -763,8 +763,8 @@
 	if(ver != tr->version && (tr->verset || ver < MinProtoVersion || ver > MaxProtoVersion))
 		rcvError(tr, EProtocolVersion, "devtls expected ver=%x%s, saw (len=%d) type=%x ver=%x '%.12s'",
 			tr->version, tr->verset?"/set":"", len, type, ver, (char*)header);
-	if(len > MaxCipherRecLen || len < 0)
-		rcvError(tr, ERecordOverflow, "record message too long %d", len);
+	if(len > MaxCipherRecLen || len <= 0)
+		rcvError(tr, ERecordOverflow, "bad record message length %d", len);
 	ensure(tr, &tr->unprocessed, len);
 	nconsumed = 0;
 	poperror();