diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-06 13:51:33 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-07 22:06:46 +0100 |
| commit | c53052c5edbdc0828f08b77d5e9a76b82486a0c5 (patch) | |
| tree | 1c27daba7bde9ee370ad33679899115da0608463 | |
| parent | 8813fd2ee0c2ef60af19f32f7ed5780b72fc9384 (diff) | |
| download | gnutls-c53052c5edbdc0828f08b77d5e9a76b82486a0c5.tar.gz | |
read_client_hello: use integer for extensions size
As we do not read the value directly, but rather assign to it
the remaining data, we ensure that there are no overflows if
we have additional data past the extensions field. The integer
can hold more than 2^24 which is the maximum handshake packet
size.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/handshake.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/handshake.c b/lib/handshake.c index 135aaa2678..4150d33b43 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -448,7 +448,8 @@ read_client_hello(gnutls_session_t session, uint8_t * data, { uint8_t session_id_len; int pos = 0, ret; - uint16_t suite_size, comp_size, ext_size; + uint16_t suite_size, comp_size; + int ext_size; gnutls_protocol_t adv_version; int neg_version, sret = 0; int len = datalen; |