From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 24 Jul 2024 15:18:01 +0000 (-0700)
Subject: don't read length field if there might not be a length field
X-Git-Tag: release_3_2_6~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4fbd097429fee9d9ab6be0f8b3a60523199b46c;p=thirdparty%2Ffreeradius-server.git

don't read length field if there might not be a length field
---

diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index 63a50e9c592..3b3b4088794 100644
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -665,8 +665,13 @@ read_application_data:
 	 *	If the packet is a complete RADIUS packet, return it to
 	 *	the caller.  Otherwise...
 	 */
-	if ((sock->ssn->clean_out.used < 20) ||
-	    ((int) sock->ssn->clean_out.used) < ((sock->ssn->clean_out.data[2] << 8) | sock->ssn->clean_out.data[3])) {
+	if (sock->ssn->clean_out.used < 20) {
+		RDEBUG3("(TLS) Received partial packet (have %zu, want >=20), waiting for more.",
+			sock->ssn->clean_out.used);
+		return 0;
+	}
+
+	if (((int) sock->ssn->clean_out.used) < ((sock->ssn->clean_out.data[2] << 8) | sock->ssn->clean_out.data[3])) {
 		RDEBUG3("(TLS) Received partial packet (have %zu, want %u), waiting for more.",
 			sock->ssn->clean_out.used, (sock->ssn->clean_out.data[2] << 8) | sock->ssn->clean_out.data[3]);
 		return 0;