Skip to content
Permalink
Browse files

check that the given buffer length is >= size + 4

otherwise, split will raise an invalid_argument exception
(impact on pinata: ABORTED)
  • Loading branch information
hannesm committed Feb 27, 2015
1 parent cd490e8 commit 80117871679d57dde8c8e3b73392024ef4b42c38
Showing with 4 additions and 5 deletions.
  1. +4 −5 lib/engine.ml
@@ -315,14 +315,13 @@ let hs_can_handle_appdata s =
| _ -> true

let rec separate_handshakes buf =
let open Cstruct in
if len buf < 4 then
if Cstruct.len buf < 4 then
return ([], buf)
else
match Reader.parse_handshake_length buf with
| size when size > len buf -> return ([], buf)
| size ->
let hs, rest = split buf (size + 4) in
| size when (size + 4) > Cstruct.len buf -> return ([], buf)
| size ->
let hs, rest = Cstruct.split buf (size + 4) in
separate_handshakes rest >|= fun (rt, frag) ->
(hs :: rt, frag)

0 comments on commit 8011787

Please sign in to comment.
You can’t perform that action at this time.