diff options
author | Daiki Ueno <dueno@redhat.com> | 2018-08-02 15:44:15 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2018-08-06 12:36:39 +0200 |
commit | 12f121313e7b1614192db3dcc185a57b216a3dc4 (patch) | |
tree | bc90e8f7059f21c3d326e3630c9e124b66df95a1 | |
parent | c4ba0c1d0123dd80d3a7751b413e6756216a866a (diff) | |
download | gnutls-12f121313e7b1614192db3dcc185a57b216a3dc4.tar.gz |
record: send unexpected_message upon empty unencrypted records
Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r-- | lib/record.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/record.c b/lib/record.c index 4589765524..96bf5736a9 100644 --- a/lib/record.c +++ b/lib/record.c @@ -1190,8 +1190,15 @@ static int recv_headers(gnutls_session_t session, (session, "Received packet with illegal length: %u\n", (unsigned int) record->length); - if (record->length == 0) + if (record->length == 0) { + /* Empty, unencrypted records are always unexpected. */ + if (record_params->cipher->id == GNUTLS_CIPHER_NULL) + return + gnutls_assert_val + (GNUTLS_E_UNEXPECTED_PACKET); + return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + } return gnutls_assert_val(GNUTLS_E_RECORD_OVERFLOW); } |