diff options
author | Daiki Ueno <dueno@redhat.com> | 2019-01-31 16:56:55 +0100 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-02-14 13:23:09 +0100 |
commit | 682f5b64707ff292dc2c912de540631ccd39ccc3 (patch) | |
tree | 805ac0bf8e89ad44df430cedf9896d17417a8558 | |
parent | bc1f99fa43f607fd307682680c82d94149640776 (diff) | |
download | gnutls-682f5b64707ff292dc2c912de540631ccd39ccc3.tar.gz |
decrypt_packet_tls13: add check for max plaintext size
There is check in _gnutls_recv_in_buffers already, but for TLS 1.3 we
need to take account of the padding.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r-- | lib/cipher.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/cipher.c b/lib/cipher.c index 3ea1cb1bb2..28075b00d1 100644 --- a/lib/cipher.c +++ b/lib/cipher.c @@ -872,6 +872,15 @@ decrypt_packet_tls13(gnutls_session_t session, if (unlikely(ret < 0)) return gnutls_assert_val(ret); + /* 1 octet for content type */ + if (length > max_decrypted_size(session) + 1) { + _gnutls_audit_log + (session, "Received packet with illegal length: %u\n", + (unsigned int) length); + + return gnutls_assert_val(GNUTLS_E_RECORD_OVERFLOW); + } + length_set = 0; /* now figure the actual data size. We intentionally iterate through all data, |