author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-18 16:11:05 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-18 16:11:08 +0200 |
commit | cbee5d2fcfc2c2117099e67527eac1130e29c482 (patch) | |
tree | 3ed46b00dff7c60081531e4e97094a9f1b363487 | |
parent | 1e93735abfa0264d4f0eadb0e08a63f76074605c (diff) | |
server_name: be strict in decoding errors
That is, return error when a malformed extension is seen.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/ext/server_name.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
index 579721b5eb..1b2c9d0ed9 100644
--- a/lib/ext/server_name.c
+++ b/lib/ext/server_name.c
@@ -79,15 +79,12 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
 gnutls_ext_priv_data_t epriv;
 if (session->security_parameters.entity == GNUTLS_SERVER) {
- DECR_LENGTH_RET(data_size, 2, 0);
+ DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 len = _gnutls_read_uint16(data);
 if (len != data_size) {
- /* This is unexpected packet length, but
- * just ignore it, for now.
- */
 gnutls_assert();
- return 0;
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 }
 p = data + 2;
@@ -105,10 +102,12 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
 DECR_LENGTH_RET(data_size, len, 0);
 server_names++;
 p += len;
- } else
+ } else {
 _gnutls_handshake_log ("HSK[%p]: Received (0) size server name (under attack?)\n", session);
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ }
 } |
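Review bot: The length-mismatch branch in the first hunk spells its error return as `gnutls_assert();` followed by `return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;`, while the zero-length branch added in the second hunk uses the one-line form. Writing it as `return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` keeps both rejection paths in the same style. Since the old explanatory comment is removed, a short replacement such as `/* the name list must fill the extension exactly */` above the `len != data_size` check would record why a mismatch is now fatal. The body of _gnutls_server_name_recv_params starts and ends outside the hunk.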
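Review bot: The context line `DECR_LENGTH_RET(data_size, len, 0);` at the top of the second hunk still passes 0 as its third argument, which, judging by the first hunk, is the value returned when the length check fails. A server name whose declared length runs past the remaining data would then still be reported as success, while the zero-length name next to it is now rejected. For the strictness the commit message describes, this should read `DECR_LENGTH_RET(data_size, len, GNUTLS_E_UNEXPECTED_PACKET_LENGTH);`. The loop header and any earlier DECR_LENGTH_RET calls in this function are outside the hunk, so the same argument is worth checking there.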