_gnutls_parse_extensions: do not fail on empty extensions field

On the other hand, fail if an empty extensions field is seen, but
the client hello contains data nevertheless, or if the extensions
field is padded with additional unaccounted data.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 9 insertions, 1 deletions

diff --git a/lib/extensions.c b/lib/extensions.c
index 4aa9444a86..ee7165d039 100644
--- a/lib/extensions.c
+++ b/lib/extensions.c
@@ -229,6 +229,11 @@ _gnutls_parse_extensions(gnutls_session_t session,
 
 	DECR_LENGTH_RET(data_size, next, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
 
+	if (next == 0 && data_size == 0) /* field is present, but has zero length? Ignore it. */
+		return 0;
+	else if (data_size > 0) /* forbid unaccounted data */
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
+
 	do {
 		DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
 		type = _gnutls_read_uint16(&data[pos]);
@@ -273,10 +278,13 @@ _gnutls_parse_extensions(gnutls_session_t session,
 			gnutls_assert();
 			return ret;
 		}
-
 	}
 	while (next > 2);
 
+	/* forbid leftovers */
+	if (next > 0)
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
+
 	return 0;
 
 }