Merge pull request #8777 from rizlik/dtls_reject_v11

Drop DTLS packets with bogus minor version number

Author: douzzer

src/internal.c

@@ -11788,6 +11788,10 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     *inOutIdx += ENUM_LEN + VERSION_SZ;
     ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch);
 
+    if (rh->pvMajor == DTLS_MAJOR && rh->pvMinor == DTLS_BOGUS_MINOR) {
+        return SEQUENCE_ERROR;
+    }
+
 #ifdef WOLFSSL_DTLS_CID
     if (rh->type == dtls12_cid && (cidSz = DtlsGetCidRxSize(ssl)) == 0)
         return DTLS_CID_ERROR;

tests/api.c

@@ -68025,6 +68025,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_dtls_cid_parse),
     TEST_DECL(test_dtls13_epochs),
     TEST_DECL(test_dtls13_ack_order),
+    TEST_DECL(test_dtls_version_checking),
     TEST_DECL(test_ocsp_status_callback),
     TEST_DECL(test_ocsp_basic_verify),
     TEST_DECL(test_ocsp_response_parsing),

tests/api/test_dtls.c

@@ -727,3 +727,52 @@ int test_dtls13_ack_order(void)
 #endif
     return EXPECT_RESULT();
 }
+
+int test_dtls_version_checking(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS)
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                    wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method),
+        0);
+
+    /* CH */
+    ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR),
+        WOLFSSL_ERROR_WANT_READ);
+
+    /* modify CH DTLS header to have version 1.1 (0xfe, 0xfe) */
+    ExpectIntGE(test_ctx.s_len, 3);
+    if (EXPECT_SUCCESS()) {
+        test_ctx.s_buff[1] = 0xfe;
+        test_ctx.s_buff[2] = 0xfe;
+    }
+
+    ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR);
+    ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR),
+        WOLFSSL_ERROR_WANT_READ);
+    /* server should drop the message */
+    ExpectIntEQ(test_ctx.c_len, 0);
+
+    wolfSSL_free(ssl_c);
+    ssl_c = wolfSSL_new(ctx_c);
+    ExpectNotNull(ssl_c);
+    wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx);
+    wolfSSL_SetIOReadCtx(ssl_c, &test_ctx);
+
+    /* try again */
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+#endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_DTLS */
+    return EXPECT_RESULT();
+}

tests/api/test_dtls.h

@@ -27,5 +27,6 @@ int test_dtls13_basic_connection_id(void);
 int test_wolfSSL_dtls_cid_parse(void);
 int test_dtls13_epochs(void);
 int test_dtls13_ack_order(void);
+int test_dtls_version_checking(void);
 
 #endif /* TESTS_API_DTLS_H */