diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-03 15:16:59 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-07 22:06:46 +0100 |
commit | 919ceb7bb47ce7545d0b0f275844929fc5e7523b (patch) | |
tree | cc0f0ed47d04c409412a5b64d1898f0bc702c633 | |
parent | ea691210901897e5670bddc4350641e9c18d64e1 (diff) | |
download | gnutls-919ceb7bb47ce7545d0b0f275844929fc5e7523b.tar.gz |
read_client_hello: fail early on illegally formatted message
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/extensions.c | 4 | ||||
-rw-r--r-- | lib/handshake.c | 6 |
2 files changed, 9 insertions, 1 deletions
diff --git a/lib/extensions.c b/lib/extensions.c index ee7165d039..b2a89b8f8a 100644 --- a/lib/extensions.c +++ b/lib/extensions.c @@ -222,8 +222,10 @@ _gnutls_parse_extensions(gnutls_session_t session, [i])); } #endif + if (data_size == 0) + return 0; - DECR_LENGTH_RET(data_size, 2, 0); + DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH); next = _gnutls_read_uint16(data); pos += 2; diff --git a/lib/handshake.c b/lib/handshake.c index 548881bfaa..135aaa2678 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -518,6 +518,9 @@ read_client_hello(gnutls_session_t session, uint8_t * data, suite_size = _gnutls_read_uint16(&data[pos]); pos += 2; + if (suite_size == 0 || (suite_size % 2) != 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + suite_ptr = &data[pos]; DECR_LEN(len, suite_size); pos += suite_size; @@ -525,6 +528,9 @@ read_client_hello(gnutls_session_t session, uint8_t * data, DECR_LEN(len, 1); comp_size = data[pos++]; /* the number of compression methods */ + if (comp_size == 0) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + comp_ptr = &data[pos]; DECR_LEN(len, comp_size); pos += comp_size; |