code: plan9front


ref: fccbc306505b2d8cfa97b6c87db9d47a9351cf58
parent: a87ce74d606e1384f43b0afb39e1f17e2e635a1c
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon Nov 8 19:33:16 EST 2021

devtls: reject zero length records (thanks sigrid)

zero length record causes ensure() to do nothing,
while qgrab() assumes there is at least one buffer
in the queue and would dereference the nil buffer.

--- a/sys/src/9/port/devtls.c
+++ b/sys/src/9/port/devtls.c
@@ -766,8 +766,8 @@
 	if(ver != tr->version && (tr->verset || ver < MinProtoVersion || ver > MaxProtoVersion))
 		rcvError(tr, EProtocolVersion, "devtls expected ver=%x%s, saw (len=%d) type=%x ver=%x '%.12s'",
 			tr->version, tr->verset?"/set":"", len, type, ver, (char*)header);
-	if(len > MaxCipherRecLen || len < 0)
-		rcvError(tr, ERecordOverflow, "record message too long %d", len);
+	if(len > MaxCipherRecLen || len <= 0)
+		rcvError(tr, ERecordOverflow, "bad record message length %d", len);
 	ensure(tr, &tr->unprocessed, len);
 	nconsumed = 0;
 	poperror();
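Review bot: The `len <= 0` check is now the only thing keeping `qgrab()` from dereferencing a nil block, but that reason is recorded only in the commit message, not in the code. I would add a comment above the check, e.g. `/* reject len == 0: ensure() would read nothing and qgrab() assumes a non-empty queue */`, so a later cleanup does not relax it back to `len < 0`. Separately, a zero-length record is reported to the peer with `ERecordOverflow`, which signals a record that is too long; if the file's alert enum has a decode-error or unexpected-message value, that would describe the condition more accurately. The enclosing function starts and ends outside the hunk, so I cannot see whether a record that is non-empty on the wire but empty after the MAC and padding are stripped is handled safely further down; that path is worth confirming.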