record: send unexpected_message upon empty unencrypted records

Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2018-08-02 15:44:15 +0200
committer: Daiki Ueno <dueno@redhat.com> 2018-08-06 12:36:39 +0200
commit: 12f121313e7b1614192db3dcc185a57b216a3dc4 (patch)
tree: bc90e8f7059f21c3d326e3630c9e124b66df95a1
parent: c4ba0c1d0123dd80d3a7751b413e6756216a866a (diff)
download: gnutls-12f121313e7b1614192db3dcc185a57b216a3dc4.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/record.c b/lib/record.c
index 4589765524..96bf5736a9 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -1190,8 +1190,15 @@ static int recv_headers(gnutls_session_t session,
 		    (session, "Received packet with illegal length: %u\n",
 		     (unsigned int) record->length);
 
-		if (record->length == 0)
+		if (record->length == 0) {
+			/* Empty, unencrypted records are always unexpected. */
+			if (record_params->cipher->id == GNUTLS_CIPHER_NULL)
+				return
+				    gnutls_assert_val
+				    (GNUTLS_E_UNEXPECTED_PACKET);
+
 			return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+		}
 		return
 		    gnutls_assert_val(GNUTLS_E_RECORD_OVERFLOW);
 	}
author	Daiki Ueno <dueno@redhat.com>	2018-08-02 15:44:15 +0200
committer	Daiki Ueno <dueno@redhat.com>	2018-08-06 12:36:39 +0200
commit	12f121313e7b1614192db3dcc185a57b216a3dc4 (patch)
tree	bc90e8f7059f21c3d326e3630c9e124b66df95a1
parent	c4ba0c1d0123dd80d3a7751b413e6756216a866a (diff)
download	gnutls-12f121313e7b1614192db3dcc185a57b216a3dc4.tar.gz