server_name: be strict in decoding errors

That is, return error when a malformed extension is seen. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-18 16:11:05 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-18 16:11:08 +0200
commit: cbee5d2fcfc2c2117099e67527eac1130e29c482 (patch)
tree: 3ed46b00dff7c60081531e4e97094a9f1b363487
parent: 1e93735abfa0264d4f0eadb0e08a63f76074605c (diff)
download: gnutls-cbee5d2fcfc2c2117099e67527eac1130e29c482.tar.gz
1 files changed, 5 insertions, 6 deletions
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
index 579721b5eb..1b2c9d0ed9 100644
--- a/lib/ext/server_name.c
+++ b/lib/ext/server_name.c
@@ -79,15 +79,12 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
 	gnutls_ext_priv_data_t epriv;
 
 	if (session->security_parameters.entity == GNUTLS_SERVER) {
-		DECR_LENGTH_RET(data_size, 2, 0);
+		DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 		len = _gnutls_read_uint16(data);
 
 		if (len != data_size) {
-			/* This is unexpected packet length, but
-			 * just ignore it, for now.
-			 */
 			gnutls_assert();
-			return 0;
+			return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 		}
 
 		p = data + 2;
@@ -105,10 +102,12 @@ _gnutls_server_name_recv_params(gnutls_session_t session,
 				DECR_LENGTH_RET(data_size, len, 0);
 				server_names++;
 				p += len;
-			} else
+			} else {
 				_gnutls_handshake_log
 				    ("HSK[%p]: Received (0) size server name (under attack?)\n",
 				     session);
+				return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+			}
 
 		}
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-18 16:11:05 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-18 16:11:08 +0200
commit	cbee5d2fcfc2c2117099e67527eac1130e29c482 (patch)
tree	3ed46b00dff7c60081531e4e97094a9f1b363487
parent	1e93735abfa0264d4f0eadb0e08a63f76074605c (diff)
download	gnutls-cbee5d2fcfc2c2117099e67527eac1130e29c482.tar.gz