From ec014083890a70ce3bb93e797d4970e3ab98b970 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 26 Jul 2019 08:20:27 +0100
Subject: [PATCH] Reintroduce length 0 check for records

---
 library/ssl_tls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 22ee6fc70..6dd509ec6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4946,6 +4946,9 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
     rec->buf     = buf;
     rec->buf_len = rec->data_offset + rec->data_len;
 
+    if( rec->data_len == 0 )
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+
     /*
      * DTLS-related tests.
      * Check epoch before checking length constraint because