Fix error codes for unsolicited compressed certificate

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
author: Zoltan Fridrich <zfridric@redhat.com> 2023-01-02 13:25:14 +0100
committer: Zoltan Fridrich <zfridric@redhat.com> 2023-01-10 17:02:47 +0100
commit: 9fa9891e01896811a9c44c54844d44c48534d75e (patch)
tree: e8d30ec29f241fedaeabc4a4925dba1bd53d095e
parent: c89a1eb62d8e669a7b6825e7aefd9382488f5319 (diff)
download: gnutls-9fa9891e01896811a9c44c54844d44c48534d75e.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
index 4059db38de..a9e7c312b5 100644
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -60,7 +60,11 @@ int _gnutls13_recv_certificate(gnutls_session_t session)
 	if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) {
 		/* check if we received compressed certificate */
 		err = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, 0, &buf);
-		if (err >= 0 && (session->internals.hsk_flags & HSK_COMP_CRT_REQ_SENT)) {
+		if (err >= 0) {
+			/* fail if we receive unsolicited compressed certificate */
+			if (!(session->internals.hsk_flags & HSK_COMP_CRT_REQ_SENT))
+				return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
 			decompress_cert = 1;
 			ret = err;
 		}
author	Zoltan Fridrich <zfridric@redhat.com>	2023-01-02 13:25:14 +0100
committer	Zoltan Fridrich <zfridric@redhat.com>	2023-01-10 17:02:47 +0100
commit	9fa9891e01896811a9c44c54844d44c48534d75e (patch)
tree	e8d30ec29f241fedaeabc4a4925dba1bd53d095e
parent	c89a1eb62d8e669a7b6825e7aefd9382488f5319 (diff)
download	gnutls-9fa9891e01896811a9c44c54844d44c48534d75e.tar.gz