ref: 584fc456ef5a56035d11e61eb76e5edf94991beb
parent: df285b891569cbafcbf94089d44e0b67991eb534
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon Nov 8 20:46:13 EST 2021
devtls: reject zero length records (thanks sigrid) zero length record causes ensure() todo nothing, while qgrab() assumes there is at least one buffer in the queue and would dereference the nil buffer.
--- a/sys/src/9/port/devtls.c
+++ b/sys/src/9/port/devtls.c
@@ -766,8 +766,8 @@
if(ver != tr->version && (tr->verset || ver < MinProtoVersion || ver > MaxProtoVersion))
rcvError(tr, EProtocolVersion, "devtls expected ver=%x%s, saw (len=%d) type=%x ver=%x '%.12s'",
tr->version, tr->verset?"/set":"", len, type, ver, (char*)header);
- if(len > MaxCipherRecLen || len < 0)
- rcvError(tr, ERecordOverflow, "record message too long %d", len);
+ if(len > MaxCipherRecLen || len <= 0)
+ rcvError(tr, ERecordOverflow, "bad record message length %d", len);
ensure(tr, &tr->unprocessed, len);
nconsumed = 0;
poperror();
--
⑨