shithub: plan9front

Download patch

ref: fccbc306505b2d8cfa97b6c87db9d47a9351cf58
parent: a87ce74d606e1384f43b0afb39e1f17e2e635a1c
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon Nov 8 19:33:16 EST 2021

devtls: reject zero length records (thanks sigrid)

zero length record causes ensure() todo nothing,
while qgrab() assumes there is at least one buffer
in the queue and would dereference the nil buffer.

--- a/sys/src/9/port/devtls.c	Sun Nov  7 12:58:52 2021
+++ b/sys/src/9/port/devtls.c	Mon Nov  8 19:33:16 2021
@@ -766,8 +766,8 @@
 	if(ver != tr->version && (tr->verset || ver < MinProtoVersion || ver > MaxProtoVersion))
 		rcvError(tr, EProtocolVersion, "devtls expected ver=%x%s, saw (len=%d) type=%x ver=%x '%.12s'",
 			tr->version, tr->verset?"/set":"", len, type, ver, (char*)header);
-	if(len > MaxCipherRecLen || len < 0)
-		rcvError(tr, ERecordOverflow, "record message too long %d", len);
+	if(len > MaxCipherRecLen || len <= 0)
+		rcvError(tr, ERecordOverflow, "bad record message length %d", len);
 	ensure(tr, &tr->unprocessed, len);
 	nconsumed = 0;
 	poperror();