Check that a TLSv1.3 encrypted message has an app data content type

Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3436)
author: Matt Caswell <matt@openssl.org> 2017-05-11 10:16:08 +0100
committer: Matt Caswell <matt@openssl.org> 2017-05-11 13:13:04 +0100
commit: 3c544acc385ac39b77873c9cfa77c4ae5df956b5 (patch)
tree: e4076786289cb0136f6ac6847d937c4c515efbc9 /ssl
parent: 2d871227faf7f4e287caa04be43957f8e2df43a4 (diff)
download: openssl-3c544acc385ac39b77873c9cfa77c4ae5df956b5.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 806ef43469..4b36f49b6d 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -618,7 +618,8 @@ int ssl3_get_record(SSL *s)
         if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
             size_t end;
 
-            if (thisrr->length == 0) {
+            if (thisrr->length == 0
+                    || thisrr->type != SSL3_RT_APPLICATION_DATA) {
                 al = SSL_AD_UNEXPECTED_MESSAGE;
                 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
                 goto f_err;
author	Matt Caswell <matt@openssl.org>	2017-05-11 10:16:08 +0100
committer	Matt Caswell <matt@openssl.org>	2017-05-11 13:13:04 +0100
commit	3c544acc385ac39b77873c9cfa77c4ae5df956b5 (patch)
tree	e4076786289cb0136f6ac6847d937c4c515efbc9 /ssl
parent	2d871227faf7f4e287caa04be43957f8e2df43a4 (diff)
download	openssl-3c544acc385ac39b77873c9cfa77c4ae5df956b5.tar.gz