diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-02 17:48:31 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-07 22:06:46 +0100 |
| commit | 9108068c252db468110a2113bf31760ecb677964 (patch) | |
| tree | 3a60d67c8b046216eeaa58241fc3456ca81b09f8 | |
| parent | 3c5c98e82e58e0d78eb8b41c8c1da88963a28106 (diff) | |
| download | gnutls-9108068c252db468110a2113bf31760ecb677964.tar.gz | |
alerts: separated record overflow from decode error alerts
Introduced GNUTLS_E_RECORD_OVERFLOW.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/alert.c | 3 | ||||
| -rw-r--r-- | lib/errors.c | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 3 | ||||
| -rw-r--r-- | lib/record.c | 3 |
4 files changed, 9 insertions, 3 deletions
diff --git a/lib/alert.c b/lib/alert.c index a4e30cf48c..0aa92e314e 100644 --- a/lib/alert.c +++ b/lib/alert.c @@ -201,6 +201,7 @@ int gnutls_error_to_alert(int err, int *level) ret = GNUTLS_A_BAD_RECORD_MAC; _level = GNUTLS_AL_FATAL; break; + case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: case GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH: ret = GNUTLS_A_DECODE_ERROR; _level = GNUTLS_AL_FATAL; @@ -273,7 +274,7 @@ int gnutls_error_to_alert(int err, int *level) ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE; _level = GNUTLS_AL_FATAL; break; - case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: + case GNUTLS_E_RECORD_OVERFLOW: ret = GNUTLS_A_RECORD_OVERFLOW; _level = GNUTLS_AL_FATAL; break; diff --git a/lib/errors.c b/lib/errors.c index 7dd7e149ee..7634eaee28 100644 --- a/lib/errors.c +++ b/lib/errors.c @@ -66,6 +66,9 @@ static const gnutls_error_entry error_entries[] = { ERROR_ENTRY(N_ ("A TLS packet with unexpected length was received."), GNUTLS_E_UNEXPECTED_PACKET_LENGTH), + ERROR_ENTRY(N_ + ("A TLS packet with unexpected length was received."), + GNUTLS_E_RECORD_OVERFLOW), ERROR_ENTRY(N_("The TLS connection was non-properly terminated."), GNUTLS_E_PREMATURE_TERMINATION), ERROR_ENTRY(N_ diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 28b6d48044..5a071c0d04 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -2629,7 +2629,7 @@ unsigned gnutls_fips140_mode_enabled(void); #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 #define GNUTLS_E_LARGE_PACKET -7 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ -#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ +#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_DECODE_ERROR */ #define GNUTLS_E_INVALID_SESSION -10 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12 #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */ @@ -2842,6 +2842,7 @@ unsigned gnutls_fips140_mode_enabled(void); #define GNUTLS_E_INVALID_UTF8_EMAIL -414 #define GNUTLS_E_INVALID_PASSWORD_STRING -415 #define GNUTLS_E_CERTIFICATE_TIME_ERROR -416 +#define GNUTLS_E_RECORD_OVERFLOW -417 /* GNUTLS_A_RECORD_OVERFLOW */ #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 diff --git a/lib/record.c b/lib/record.c index 133f23e145..59b5ee114c 100644 --- a/lib/record.c +++ b/lib/record.c @@ -1104,7 +1104,7 @@ static int recv_headers(gnutls_session_t session, (session, "Received packet with illegal length: %u\n", (unsigned int) record->length); return - gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + gnutls_assert_val(GNUTLS_E_RECORD_OVERFLOW); } _gnutls_record_log @@ -1368,6 +1368,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type, if (IS_DTLS(session) && (ret == GNUTLS_E_DECRYPTION_FAILED || ret == GNUTLS_E_UNSUPPORTED_VERSION_PACKET || ret == GNUTLS_E_UNEXPECTED_PACKET_LENGTH || + ret == GNUTLS_E_RECORD_OVERFLOW || ret == GNUTLS_E_UNEXPECTED_PACKET || ret == GNUTLS_E_ERROR_IN_FINISHED_PACKET || ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)) { |