record_add_to_buffers: check if there is an incomplete handshake header

The function checks if a Handshake message is interleaved with an Application Data, but the check was insuffient because it assumed that a complete header is received in the buffer. Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2019-05-21 08:32:21 +0200
committer: Daiki Ueno <dueno@redhat.com> 2019-05-22 10:38:48 +0200
commit: 62ef33c0b97a36f370903d5e8717800ccb78f8cb (patch)
tree: e66a2dd24010fd6923c61bd2efddad2833da0c2c
parent: 27ec82e781b3960693cd4550440ab7c1664553b8 (diff)
download: gnutls-62ef33c0b97a36f370903d5e8717800ccb78f8cb.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/record.c b/lib/record.c
index 7d661e2309..e17bebacdf 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -824,7 +824,9 @@ record_add_to_buffers(gnutls_session_t session,
 
 		/* application data cannot be inserted between (async) handshake
 		 * messages */
-		if (type == GNUTLS_APPLICATION_DATA && session->internals.handshake_recv_buffer_size != 0) {
+		if (type == GNUTLS_APPLICATION_DATA &&
+		    (session->internals.handshake_recv_buffer_size != 0 ||
+		     session->internals.handshake_header_recv_buffer.length != 0)) {
 			ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
 			goto unexpected_packet;
 		}
author	Daiki Ueno <dueno@redhat.com>	2019-05-21 08:32:21 +0200
committer	Daiki Ueno <dueno@redhat.com>	2019-05-22 10:38:48 +0200
commit	62ef33c0b97a36f370903d5e8717800ccb78f8cb (patch)
tree	e66a2dd24010fd6923c61bd2efddad2833da0c2c
parent	27ec82e781b3960693cd4550440ab7c1664553b8 (diff)
download	gnutls-62ef33c0b97a36f370903d5e8717800ccb78f8cb.tar.gz