ext/signature: reject an extension with padded data

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-03 16:33:57 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-03-07 22:06:46 +0100
commit: 8813fd2ee0c2ef60af19f32f7ed5780b72fc9384 (patch)
tree: 40417f907e243a5cd977a8632c103681a0b2cfb3
parent: ef1fc57d142b56071c6191dd89f739c62e369ddb (diff)
download: gnutls-8813fd2ee0c2ef60af19f32f7ed5780b72fc9384.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 795f149182..b6b0b14b9a 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -203,6 +203,9 @@ _gnutls_signature_algorithm_recv_params(gnutls_session_t session,
 			len = _gnutls_read_uint16(data);
 			DECR_LEN(data_size, len);
 
+			if (data_size > 0)
+				return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
 			ret =
 			    _gnutls_sign_algorithm_parse_data(session,
 							      data + 2,
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-03 16:33:57 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-03-07 22:06:46 +0100
commit	8813fd2ee0c2ef60af19f32f7ed5780b72fc9384 (patch)
tree	40417f907e243a5cd977a8632c103681a0b2cfb3
parent	ef1fc57d142b56071c6191dd89f739c62e369ddb (diff)
download	gnutls-8813fd2ee0c2ef60af19f32f7ed5780b72fc9384.tar.gz