diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-05-04 12:48:25 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-08-09 15:53:13 +0200 |
commit | 030cacefe9011bbc7616f710c644ee87094df3d9 (patch) | |
tree | 7be17e66c5a7c4474b3cd97db64222e7d4d75fd1 | |
parent | 09f8137a7ee72de055e7055b1addefd01c30fa61 (diff) | |
download | gnutls-030cacefe9011bbc7616f710c644ee87094df3d9.tar.gz |
More precise packet length checking.
Issue discovered using valgrind and the Codenomicon TLS test suite.
-rw-r--r-- | lib/ext_safe_renegotiation.c | 11 | ||||
-rw-r--r-- | lib/ext_signature.c | 3 |
2 files changed, 8 insertions, 6 deletions
diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c index c34d450ef2..af2445d630 100644 --- a/lib/ext_safe_renegotiation.c +++ b/lib/ext_safe_renegotiation.c @@ -258,11 +258,6 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session) { set = 1; } - else if (ret < 0) - { - gnutls_assert (); - return ret; - } if (set != 0) { @@ -288,12 +283,16 @@ static int _gnutls_sr_recv_params (gnutls_session_t session, const opaque * data, size_t _data_size) { - int len = data[0]; + unsigned int len; ssize_t data_size = _data_size; sr_ext_st *priv; extension_priv_data_t epriv; int set = 0, ret; + if (data_size == 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + len = data[0]; DECR_LEN (data_size, len + 1 /* count the first byte and payload */ ); if (session->internals.priorities.sr == SR_DISABLED) diff --git a/lib/ext_signature.c b/lib/ext_signature.c index 008b026e28..c30e92aac9 100644 --- a/lib/ext_signature.c +++ b/lib/ext_signature.c @@ -131,6 +131,9 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, sig_ext_st *priv; extension_priv_data_t epriv; + if (data_size % 2 != 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) { |