certificate request: corrected parsing of signature algorithms

That fixes an issue in TLS 1.3 certificate request message parsing. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-10-17 09:27:36 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-01-27 16:09:53 +0100
commit: 86e9eea40785c5ade52bf4919ed0e13704bde6f1 (patch)
tree: 78c0220761a3e440c049d5ef889feab6cba1bbea
parent: 98fb668933b2053c533b6544257e644e3ac64f25 (diff)
download: gnutls-86e9eea40785c5ade52bf4919ed0e13704bde6f1.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 252762033a..959603f477 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -75,6 +75,16 @@ int parse_cert_extension(void *_ctx, uint16_t tls_id, const uint8_t *data, int d
 
 		session->internals.hsk_flags |= HSK_CRT_REQ_GOT_SIG_ALGO;
 
+		if (data_size < 2)
+			return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
+
+		ret = _gnutls_read_uint16(data);
+		if (ret != data_size-2)
+			return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
+
+		data += 2;
+		data_size -= 2;
+
 		ret = _gnutls_sign_algorithm_parse_data(session, data, data_size);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-10-17 09:27:36 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-01-27 16:09:53 +0100
commit	86e9eea40785c5ade52bf4919ed0e13704bde6f1 (patch)
tree	78c0220761a3e440c049d5ef889feab6cba1bbea
parent	98fb668933b2053c533b6544257e644e3ac64f25 (diff)
download	gnutls-86e9eea40785c5ade52bf4919ed0e13704bde6f1.tar.gz