certificate request: corrected parsing of signature algorithms

That fixes an issue in TLS 1.3 certificate request message parsing. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-10-17 09:27:36 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-02-19 15:29:36 +0100
commit: 0370682c4f6d822b499c5c1f7929d23c3525bf82 (patch)
tree: 83c4f21c26565517a6fd81e342187b76310ea8ff /lib/tls13/certificate_request.c
parent: 2b8c115f892b4b266e084ceddd7cd546b3b84670 (diff)
download: gnutls-0370682c4f6d822b499c5c1f7929d23c3525bf82.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 252762033a..959603f477 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -75,6 +75,16 @@ int parse_cert_extension(void *_ctx, uint16_t tls_id, const uint8_t *data, int d
 
 		session->internals.hsk_flags |= HSK_CRT_REQ_GOT_SIG_ALGO;
 
+		if (data_size < 2)
+			return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
+
+		ret = _gnutls_read_uint16(data);
+		if (ret != data_size-2)
+			return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
+
+		data += 2;
+		data_size -= 2;
+
 		ret = _gnutls_sign_algorithm_parse_data(session, data, data_size);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-10-17 09:27:36 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-02-19 15:29:36 +0100
commit	0370682c4f6d822b499c5c1f7929d23c3525bf82 (patch)
tree	83c4f21c26565517a6fd81e342187b76310ea8ff /lib/tls13/certificate_request.c
parent	2b8c115f892b4b266e084ceddd7cd546b3b84670 (diff)
download	gnutls-0370682c4f6d822b499c5c1f7929d23c3525bf82.tar.gz