diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-08-23 10:52:40 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-08-23 11:13:12 +0200 |
| commit | fc16297167d3008a79b506389dcf278febd3b8fa (patch) | |
| tree | ee0e4870ccb981fc5d761d4ae3737fb284ebe63b | |
| parent | 7944ecd4e6cff9126567efad39bd08402524ee74 (diff) | |
| download | gnutls-fc16297167d3008a79b506389dcf278febd3b8fa.tar.gz | |
client key exchange: fail if the client KX message is padded with additional bytes
| -rw-r--r-- | lib/auth_dh_common.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c index 8bcd42374e..acc574c2df 100644 --- a/lib/auth_dh_common.c +++ b/lib/auth_dh_common.c @@ -74,6 +74,9 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session, return GNUTLS_E_MPI_SCAN_FAILED; } + if (data_size != 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + _gnutls_dh_set_peer_public (session, session->key->client_Y); session->key->KEY = |