From dc4d62748cc6878ba56cfa45a6c7ac55faac74c2 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 10 Jul 2019 15:01:45 +0100
Subject: [PATCH] Don't call ssl_fetch_input for record content fetch in DTLS

As explained in the previous commit, if mbedtls_ssl_fetch_input()
is called multiple times, all but the first call are equivalent to
bounds checks in the incoming datagram.
---
 library/ssl_tls.c | 36 +++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2b5775339..c7f8e4858 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5813,19 +5813,21 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
     }
 
     /*
-     * Read and optionally decrypt the message contents
+     * Make sure the entire record contents are available.
+     *
+     * In TLS, this means fetching them from the underlying transport.
+     * In DTLS, it means checking that the incoming datagram is large enough.
      */
-    if( ( ret = mbedtls_ssl_fetch_input( ssl,
-                                 mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-        return( ret );
-    }
-
-    /* Done reading this record, get ready for the next one */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
     {
+        if( ssl->in_left < mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram too small to contain record." ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+
+        /* Remember offset of next record within datagram. */
         ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
         if( ssl->next_record_offset < ssl->in_left )
         {
@@ -5833,12 +5835,24 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
         }
     }
     MBEDTLS_SSL_TRANSPORT_ELSE
-#endif
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
 #if defined(MBEDTLS_SSL_PROTO_TLS)
     {
+        ret = mbedtls_ssl_fetch_input( ssl,
+                              mbedtls_ssl_in_hdr_len( ssl ) + ssl->in_msglen );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+            return( ret );
+        }
+
         ssl->in_left = 0;
     }
-#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS */
+
+    /*
+     * Decrypt record contents.
+     */
 
     if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
     {