author | Daiki Ueno <dueno@redhat.com> | 2018-11-16 16:12:13 +0100 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2018-11-18 06:43:48 +0100 |
commit | 92dd7f62a42094cfe7177c7191c12711494c86a0 (patch) | |
tree | 25231b7678c2372112a29305c0cb267eca8526c2 /lib | |
parent | 5ad1afa2c65c1ce9d0946dbb835edf93ec6d0ead (diff) | |
tls13/session_ticket: fix "max_early_data_size" extension handling
session->security_parameters.max_early_data_size is initially set to 0.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/state.c | 3 | ||||
-rw-r--r-- | lib/tls13/session_ticket.c | 6 |
2 files changed, 5 insertions, 4 deletions
diff --git a/lib/state.c b/lib/state.c index 5364d5e727..7e6354f9fe 100644 --- a/lib/state.c +++ b/lib/state.c @@ -518,6 +518,9 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) if ((*session)->security_parameters.entity == GNUTLS_SERVER) { (*session)->security_parameters.max_early_data_size = DEFAULT_MAX_EARLY_DATA_SIZE; + } else { + (*session)->security_parameters.max_early_data_size = + UINT32_MAX; } /* everything else not initialized here is initialized diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c index 7ea2b00f82..f254a73036 100644 --- a/lib/tls13/session_ticket.c +++ b/lib/tls13/session_ticket.c @@ -388,12 +388,10 @@ static int parse_nst_extension(void *ctx, unsigned tls_id, const unsigned char * { gnutls_session_t session = ctx; if (tls_id == ext_mod_early_data.tls_id) { - uint32_t size; if (data_size < 4) return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR); - size = _gnutls_read_uint32(data); - if (size < session->security_parameters.max_early_data_size) - session->security_parameters.max_early_data_size = size; + session->security_parameters.max_early_data_size = + _gnutls_read_uint32(data); } return 0; } |
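Review bot: The new `else` branch in gnutls_init assigns `UINT32_MAX` to client sessions without a comment, so a reader cannot tell that it stands for "no limit learned yet" rather than a real allowance. I would add `/* client: no limit known until a NewSessionTicket carries early_data; parse_nst_extension overwrites this */` above the assignment. parse_nst_extension writes the field only when the extension is present, so it is worth confirming in code outside this diff that a ticket arriving without early_data does not leave the client treating UINT32_MAX as a limit the server advertised. gnutls_init's body starts and ends outside the hunk.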
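Review bot: The length guard kept in parse_nst_extension, `if (data_size < 4)`, accepts an early_data body longer than four bytes and silently ignores the remainder. RFC 8446 defines that body in NewSessionTicket as a single uint32, so `if (data_size != 4)` would reject a malformed ticket instead of partially parsing it. With the comparison removed, the peer-supplied value is stored as-is; that looks intended for a client, but the same field holds DEFAULT_MAX_EARLY_DATA_SIZE on servers, so if this parser only ever runs on the client side a one-line comment saying so would help. The function's signature sits in the hunk header, outside the hunk body.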