author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-28 09:01:25 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-28 09:30:50 +0200 |
commit | 825961bb1d9f84eee1ce2eff3e22d20a40a0f617 (patch) | |
tree | 11ae23824735171d2861b1a1627caca40287b312 /lib/auth | |
parent | d189cd7979450c2d6d2c1fa3ec4ae0584c82525c (diff) | |
download | gnutls-825961bb1d9f84eee1ce2eff3e22d20a40a0f617.tar.gz |
cert: ensure that there are no leftovers in certificate msg
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/auth')
-rw-r--r-- | lib/auth/cert.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c index 653240b915..75f77115e4 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2001-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -1011,10 +1012,14 @@ _gnutls_proc_x509_server_crt(gnutls_session_t session, size = _gnutls_read_uint24(p); p += 3; + /* ensure no discrepancy in data */ + if (size != dsize) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + /* some implementations send 0B 00 00 06 00 00 03 00 00 00 * instead of just 0B 00 00 03 00 00 00 as an empty certificate message. */ - if (size == 0 || size == 3) { + if (size == 0 || (size == 3 && memcmp(p, "\x00\x00\x00", 3) == 0)) { gnutls_assert(); /* no certificate was sent */ return GNUTLS_E_NO_CERTIFICATE_FOUND; |
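Review bot: The comment on the new `size != dsize` check in the second hunk does not say that the check is also what keeps the `memcmp(p, "\x00\x00\x00", 3)` two statements later in bounds: with `size == 3` that read is safe only because `size` has just been shown equal to the remaining length. This assumes `dsize` was already reduced by the 3-byte length field before the hunk starts, which is not visible here and is worth confirming. I would word the comment as `/* list length must cover all remaining bytes (no trailing data); this also bounds the 3-byte memcmp below */` so that nobody later reorders the two checks. A regression test that feeds a Certificate message with trailing bytes and expects GNUTLS_E_UNEXPECTED_PACKET_LENGTH would pin the behaviour; the diffstat shown is limited to lib/auth, so one may already exist elsewhere. The body of _gnutls_proc_x509_server_crt starts and ends outside the hunk.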