Skip to content
Permalink
Browse files Browse the repository at this point in the history
Reject zero length handshake records.
Summary:
Zero length (all padding) handshake are forbidden by RFC. Allowing
these was a regression in D13754697 (2c6f78a).

This is a partial fix for CVE-2019-11924

Reviewed By: xybu

Differential Revision: D16285100

fbshipit-source-id: 05a19d31ad74601ce89156a0e59517aaad8dd928
  • Loading branch information
siyengar authored and facebook-github-bot committed Aug 8, 2019
1 parent 29b79d4 commit 6bf6713
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion fizz/record/EncryptedRecordLayer.cpp
Expand Up @@ -147,7 +147,7 @@ folly::Optional<TLSMessage> EncryptedReadRecordLayer::read(
static_cast<ContentTypeType>(msg.type)));
}

if (!msg.fragment) {
if (!msg.fragment || msg.fragment->empty()) {
if (msg.type == ContentType::application_data) {
msg.fragment = folly::IOBuf::create(0);
} else {
Expand Down
2 changes: 1 addition & 1 deletion fizz/record/test/EncryptedRecordTest.cpp
Expand Up @@ -180,7 +180,7 @@ TEST_F(EncryptedRecordTest, TestAllPaddingHandshake) {
expectSame(buf, "0123456789");
return getBuf("16000000");
}));
EXPECT_NO_THROW(read_.read(queue_));
EXPECT_ANY_THROW(read_.read(queue_));
}

TEST_F(EncryptedRecordTest, TestNoContentType) {
Expand Down

0 comments on commit 6bf6713

Please sign in to comment.