1 files changed, 19 insertions, 0 deletions

diff --git a/src/ssl/tls_record.c b/src/ssl/tls_record.c
index 36e31b4..bdc5c01 100644
--- a/src/ssl/tls_record.c
+++ b/src/ssl/tls_record.c
@@ -114,6 +114,7 @@
 #include <openssl/err.h>
 
 #include "internal.h"
+#include "../crypto/internal.h"
 
 
 /* kMaxEmptyRecords is the number of consecutive, empty records that will be
@@ -122,6 +123,16 @@
  * forever. */
 static const uint8_t kMaxEmptyRecords = 32;
 
+static struct CRYPTO_STATIC_MUTEX g_big_buffer_lock = CRYPTO_STATIC_MUTEX_INIT;
+static uint64_t g_big_buffer_use_count = 0;
+
+uint64_t OPENSSL_get_big_buffer_use_count(void) {
+  CRYPTO_STATIC_MUTEX_lock_read(&g_big_buffer_lock);
+  uint64_t ret = g_big_buffer_use_count;
+  CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock);
+  return ret;
+}
+
 size_t ssl_record_prefix_len(const SSL *ssl) {
   if (SSL_IS_DTLS(ssl)) {
     return DTLS1_RT_HEADER_LENGTH +
@@ -230,6 +241,14 @@ enum ssl_open_record_t tls_open_record(
     return ssl_open_record_error;
   }
 
+  if (extra > 0 &&
+      (ciphertext_len > SSL3_RT_MAX_ENCRYPTED_LENGTH ||
+       plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH)) {
+    CRYPTO_STATIC_MUTEX_lock_write(&g_big_buffer_lock);
+    g_big_buffer_use_count++;
+    CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock);
+  }
+
   /* Limit the number of consecutive empty records. */
   if (plaintext_len == 0) {
     ssl->s3->empty_record_count++;