Merge branch 'tmp-check-iv-size' into 'master'

encrypt_packet_tls13: added explicit check on iv_size bounds See merge request gnutls/gnutls!767
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-10-03 09:13:25 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-10-03 09:13:25 +0000
commit: df545da16ac0a1568801f9ded809c5a202b9ca00 (patch)
tree: 93f2ec43d0a23d35ddaf7a2d711707f8ef0332fd
parent: e1f442f1131cbf176a0063c07afddef2bfa4aef2 (diff)
parent: 24bf16fd86168b5410d8ae51c604c1bfe66f1b34 (diff)
download: gnutls-df545da16ac0a1568801f9ded809c5a202b9ca00.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/cipher.c b/lib/cipher.c
index 3d999de8a6..3ea1cb1bb2 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -448,6 +448,9 @@ encrypt_packet_tls13(gnutls_session_t session,
 		return plain->size;
 	}
 
+	if (unlikely(iv_size < 8))
+		return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
 	memcpy(nonce, params->write.iv, iv_size);
 	memxor(&nonce[iv_size-8], UINT64DATA(params->write.sequence_number), 8);
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-10-03 09:13:25 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-10-03 09:13:25 +0000
commit	df545da16ac0a1568801f9ded809c5a202b9ca00 (patch)
tree	93f2ec43d0a23d35ddaf7a2d711707f8ef0332fd
parent	e1f442f1131cbf176a0063c07afddef2bfa4aef2 (diff)
parent	24bf16fd86168b5410d8ae51c604c1bfe66f1b34 (diff)
download	gnutls-df545da16ac0a1568801f9ded809c5a202b9ca00.tar.gz