authorSimon Josefsson <simon@josefsson.org>2008-05-19 10:34:08 +0200
committerSimon Josefsson <simon@josefsson.org>2008-05-19 14:05:37 +0200
commitbc8102405fda11ea00ca3b42acc4f4bce9d6e97b (patch)
treeceb27cb0bcabe8e208f4d5ad386339c4f03f9144 /lib/ext_server_name.c
parentc50290f4096cf4fcac9ff3bfc47bf4394e6adf04 (diff)
Fix GNUTLS-SA-2008-1 security vulnerabilities.
See http://www.gnu.org/software/gnutls/security.html for updates.
Diffstat (limited to 'lib/ext_server_name.c')
-rw-r--r--lib/ext_server_name.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c
index 72e42ffb9f..a2db94939f 100644
--- a/lib/ext_server_name.c
+++ b/lib/ext_server_name.c
@@ -74,10 +74,27 @@ _gnutls_server_name_recv_params (gnutls_session_t session,
len = _gnutls_read_uint16 (p);
p += 2;
- DECR_LENGTH_RET (data_size, len, 0);
- server_names++;
+ if (len > 0)
+ {
+ DECR_LENGTH_RET (data_size, len, 0);
+ server_names++;
+ p += len;
+ }
+ else
+ _gnutls_handshake_log
+ ("HSK[%x]: Received zero size server name (under attack?)\n",
+ session);
- p += len;
+ }
+
+ /* we cannot accept more server names.
+ */
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+ {
+ _gnutls_handshake_log
+ ("HSK[%x]: Too many server names received (under attack?)\n",
+ session);
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
}
session->security_parameters.extensions.server_names_size =
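Review bot: The counting loop now skips zero-length names without incrementing `server_names`, but the second pass visible in the next hunk restarts at `p = data + 2` and walks `server_names` entries from the start of the list. Unless that loop's body (outside this diff) also skips `len == 0` entries, an empty entry will occupy a slot and a later real name will be dropped, so the two passes disagree about which entries were accepted. Treating an empty name as malformed keeps them in step: add `return 0;` after the "Received zero size server name" log call, braced together with it, which matches the value `DECR_LENGTH_RET (data_size, len, 0)` appears to return on a short buffer. Separately, both new log calls pass `session` to `%x`; the hunk header declares it as `gnutls_session_t`, and if that is a pointer type the specifier should be `%p` with `(void *) session`. The enclosing function and the loop closed by the added `}` begin above the hunk.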
@@ -85,10 +102,6 @@ _gnutls_server_name_recv_params (gnutls_session_t session,
if (server_names == 0)
return 0; /* no names found */
- /* we cannot accept more server names.
- */
- if (server_names > MAX_SERVER_NAME_EXTENSIONS)
- server_names = MAX_SERVER_NAME_EXTENSIONS;
p = data + 2;
for (i = 0; i < server_names; i++)