From 473311269d095c076435b34243e324f251d12813 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Thu, 13 Aug 2015 01:24:59 +0900 Subject: [PATCH] nghttpx: Drop connection if client TLS handshake packet is too large --- src/shrpx_connection.cc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc index 0a9a77bb..e694fb58 100644 --- a/src/shrpx_connection.cc +++ b/src/shrpx_connection.cc @@ -341,6 +341,13 @@ int Connection::tls_handshake() { auto err = SSL_get_error(tls.ssl, rv); switch (err) { case SSL_ERROR_WANT_READ: + if (read_buffer_full(tls.rbuf)) { + if (LOG_ENABLED(INFO)) { + LOG(INFO) << "tls: handshake message is too large"; + } + return -1; + } + break; case SSL_ERROR_WANT_WRITE: break; default: