author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-11 14:13:32 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-11 14:13:36 +0200 |
commit | f923d725222a2ec764e5b99334348327e61bf0f3 (patch) | |
tree | b487863cc9efa93e6fbf1b5e4959897d1049c1e5 | |
parent | 39aaa63a1a4cb8432e090887f38241afb2b264a6 (diff) | |
download | gnutls-f923d725222a2ec764e5b99334348327e61bf0f3.tar.gz |
More strict checking of heartbeat padding size boundaries.
This will let us enforce the RFC 6520 minimum size for padding. Suggested by Peter Williams; initially investigated by Frank Li.
-rw-r--r-- | lib/ext/heartbeat.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
index c13efea8db..27707a215a 100644
--- a/lib/ext/heartbeat.c
+++ b/lib/ext/heartbeat.c
@@ -90,7 +90,7 @@ int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type)
 return 0;
 }
-#define DEFAULT_PAYLOAD_SIZE 16
+#define DEFAULT_PADDING_SIZE 16
 /*
 * Sends heartbeat data.
@@ -102,7 +102,7 @@ heartbeat_send_data(gnutls_session_t session, const void *data,
 int ret, pos;
 uint8_t *response;
- response = gnutls_malloc(1 + 2 + data_size + DEFAULT_PAYLOAD_SIZE);
+ response = gnutls_malloc(1 + 2 + data_size + DEFAULT_PADDING_SIZE);
 if (response == NULL)
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
@@ -117,12 +117,12 @@ heartbeat_send_data(gnutls_session_t session, const void *data,
 ret = gnutls_rnd(GNUTLS_RND_NONCE, &response[pos],
- DEFAULT_PAYLOAD_SIZE);
+ DEFAULT_PADDING_SIZE);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- pos += DEFAULT_PAYLOAD_SIZE;
+ pos += DEFAULT_PADDING_SIZE;
 ret = _gnutls_send_int(session, GNUTLS_HEARTBEAT, -1,
@@ -177,8 +177,8 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
 switch (session->internals.hb_state) {
 case SHB_SEND1:
- if (data_size > DEFAULT_PAYLOAD_SIZE)
- data_size -= DEFAULT_PAYLOAD_SIZE;
+ if (data_size > DEFAULT_PADDING_SIZE)
+ data_size -= DEFAULT_PADDING_SIZE;
 else
 data_size = 0;
@@ -318,7 +318,7 @@ int _gnutls_heartbeat_handle(gnutls_session_t session, mbuffer_st * bufel)
 (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND) == 0)
 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- if (len < 4)
+ if (len < 3 + DEFAULT_PADDING_SIZE)
 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
@@ -326,7 +326,7 @@ int _gnutls_heartbeat_handle(gnutls_session_t session, mbuffer_st * bufel)
 type = msg[pos++];
 hb_len = _gnutls_read_uint16(&msg[pos]);
- if (hb_len > len - 3)
+ if (hb_len > len - 3 - DEFAULT_PADDING_SIZE)
 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); |
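Review bot: The receive-side guard `if (len < 3 + DEFAULT_PADDING_SIZE)` in `_gnutls_heartbeat_handle` reuses the constant that also sizes the padding this side sends in `heartbeat_send_data`, so the protocol minimum and the local sending default are now a single knob. If the sending default were ever raised, this check would start rejecting peers that send only the 16 bytes the commit message cites as the RFC 6520 minimum. A separate constant for the floor (a proposed name would be `MIN_PADDING_SIZE`) would keep the two apart, and a comment such as `/* 1 byte type + 2 bytes payload_length + minimum padding */` would explain the literal 3. The function body starts and continues outside the hunk.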
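Review bot: The bound `hb_len > len - 3 - DEFAULT_PADDING_SIZE` is only safe because the earlier `len < 3 + DEFAULT_PADDING_SIZE` check in the previous hunk has already returned. The declaration of `len` is outside the hunk; if it is an unsigned type, the subtraction would wrap to a very large value should that guard ever be moved or relaxed, and a peer-supplied `hb_len` read by `_gnutls_read_uint16` would then pass the comparison. Writing the test additively, for example `if ((size_t) hb_len + 3 + DEFAULT_PADDING_SIZE > len)`, gives the same result here and does not depend on the earlier check. A short comment stating that `hb_len` is untrusted peer input and must leave room for the padding would help the next reader.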