Assert that we do not exceed the DTLS MTU
authorMatt Caswell <matt@openssl.org>
Wed, 26 Oct 2022 16:14:21 +0000 (17:14 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 7 Nov 2022 10:59:20 +0000 (10:59 +0000)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19516)

ssl/statem/statem_dtls.c

index 2e71014ef8aced4c4ef7ea014016b993633f75af..4effc584160824c730d018e8af66cf699eb97bfb 100644 (file)
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <assert.h>
 #include <limits.h>
 #include <string.h>
 #include <stdio.h>
@@ -255,6 +256,16 @@ int dtls1_do_write(SSL_CONNECTION *s, int type)
             if (!ossl_assert(len == written))
                 return -1;
 
+            /*
+             * We should not exceed the MTU size. If compression is in use
+             * then the max record overhead calculation is unreliable so we do
+             * not check in that case. We use assert rather than ossl_assert
+             * because in a production build, if this assert were ever to fail,
+             * then the best thing to do is probably carry on regardless.
+             */
+            assert(s->s3.tmp.new_compression != NULL
+                   || BIO_wpending(s->wbio) <= (int)s->d1->mtu);
+
             if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) {
                 /*
                  * should not be done for 'Hello Request's, but in that case
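Review bot: The cast in the new assertion on the second hunk's `|| BIO_wpending(s->wbio) <= (int)s->d1->mtu` line mixes signedness: BIO_wpending() returns size_t, so the int operand is converted back to unsigned for the comparison, and an mtu value that did not fit in int would wrap to a large positive value and make the check vacuously true. If `d1->mtu` is an unsigned type (as it appears to be), the cast is unnecessary and the comparison reads more honestly as `|| BIO_wpending(s->wbio) <= (size_t)s->d1->mtu);`. It would also help a reader of the comment to state explicitly that this is a plain assert() and therefore compiled out entirely under NDEBUG, e.g. append `In an NDEBUG build this check is compiled out and has no effect.` to the comment block. dtls1_do_write begins and ends outside the hunk.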