- Report unexpected_message if unknown record type is received

0a925187 · Paul Bakker · 6f3578cf · 0a925187 · 0a925187
Commit 0a925187 authored Apr 16, 2012 by Paul Bakker
Hide whitespace changes
Inline Side-by-side

Showing with 53 additions and 0 deletions

include/polarssl/ssl.h include/polarssl/ssl.h +13 -0

library/ssl_tls.c library/ssl_tls.c +40 -0

No files found.
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -695,6 +695,19 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
 */
 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );

+/**
+ * \brief           Send an alert message
+ *
+ * \param ssl       SSL context
+ * \param level     The alert level of the message
+ *                  (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
+ * \param message   The alert message (SSL_ALERT_MSG_*)
+ *
+ * \return          1 if successful, or a specific SSL error code.
+ */
+int ssl_send_alert_message( ssl_context *ssl,
+                            unsigned char level,
+                            unsigned char message );
 /**
 * \brief          Notify the peer that the connection is being closed
 *

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1359,6 +1359,22 @@ int ssl_read_record( ssl_context *ssl )
        }
    }

+    if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
+        ssl->in_msgtype != SSL_MSG_ALERT &&
+        ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
+        ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+    {
+        SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
+
+        if( ( ret = ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+              SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
+        {
+            return( ret );
+        }
+
+        return( POLARSSL_ERR_SSL_INVALID_RECORD );
+    }
+
    if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
    {
        ssl->in_hslen  = 4;
@@ -1421,6 +1437,30 @@ int ssl_read_record( ssl_context *ssl )
    return( 0 );
 }

+int ssl_send_alert_message( ssl_context *ssl,
+                            unsigned char level,
+                            unsigned char message )
+{
+    int ret;
+
+    SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
+
+    ssl->out_msgtype = SSL_MSG_ALERT;
+    ssl->out_msglen = 2;
+    ssl->out_msg[0] = level;
+    ssl->out_msg[1] = message;
+
+    if( ( ret = ssl_write_record( ssl ) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+        return( ret );
+    }
+
+    SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
+
+    return( 0 );
+}
+
 /*
 * Handshake functions
 */