diff options
| author | Daiki Ueno <dueno@redhat.com> | 2019-01-25 17:00:44 +0100 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2019-02-14 13:23:09 +0100 |
| commit | bc1f99fa43f607fd307682680c82d94149640776 (patch) | |
| tree | 88997385a5391a527c1760f94bab35536c53a3a4 | |
| parent | b39d33868fbf7c662cdb0deb43b7558af8c12949 (diff) | |
| download | gnutls-bc1f99fa43f607fd307682680c82d94149640776.tar.gz | |
record: reject too large plaintext after decryption
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| -rw-r--r-- | lib/record.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/record.c b/lib/record.c index 2dc997d09b..08aad540db 100644 --- a/lib/record.c +++ b/lib/record.c @@ -1547,6 +1547,15 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, goto begin; } + if (_mbuffer_get_udata_size(decrypted) > max_decrypted_size(session)) { + _gnutls_audit_log + (session, "Received packet with illegal length: %u\n", + (unsigned int) ret); + + ret = gnutls_assert_val(GNUTLS_E_RECORD_OVERFLOW); + goto sanity_check_error; + } + #ifdef ENABLE_SSL2 if (record.v2) { decrypted->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2; |