diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-03-06 07:24:34 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-03-06 07:24:34 +0000 |
| commit | 5e853baa5d8366de033d869821b796a7aa646f21 (patch) | |
| tree | f0b1fc5799bf134a95344e19fb044a15d6d9a249 /lib | |
| parent | 89088e2274342b9deaa50a8b60cf9a0971fe543b (diff) | |
| parent | 908ef4ad2a3fa77bdfa77d347060c6b9ea313749 (diff) | |
| download | gnutls-5e853baa5d8366de033d869821b796a7aa646f21.tar.gz | |
Merge branch 'tmp-explicit-sanity-checks' into 'master'
cleanup: _gnutls_recv_handshake: added explicit sanity checks
See merge request gnutls/gnutls!937
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/handshake.c | 26 | ||||
| -rw-r--r-- | lib/tls13/hello_retry.c | 2 |
2 files changed, 24 insertions, 4 deletions
diff --git a/lib/handshake.c b/lib/handshake.c index c6762076aa..c3f298b527 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -1525,6 +1525,11 @@ _gnutls_recv_handshake(gnutls_session_t session, switch (hsk.htype) { case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: case GNUTLS_HANDSHAKE_CLIENT_HELLO: + if (!(IS_SERVER(session))) { + ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + goto cleanup; + } + #ifdef ENABLE_SSL2 if (hsk.htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2) ret = @@ -1551,6 +1556,11 @@ _gnutls_recv_handshake(gnutls_session_t session, break; case GNUTLS_HANDSHAKE_SERVER_HELLO: + if (IS_SERVER(session)) { + ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + goto cleanup; + } + ret = read_server_hello(session, hsk.data.data, hsk.data.length); @@ -1561,6 +1571,11 @@ _gnutls_recv_handshake(gnutls_session_t session, break; case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: + if (IS_SERVER(session)) { + ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + goto cleanup; + } + ret = recv_hello_verify_request(session, hsk.data.data, @@ -1578,6 +1593,12 @@ _gnutls_recv_handshake(gnutls_session_t session, case GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST: { /* hash buffer synth message is generated during hello retry parsing */ gnutls_datum_t hrr = {hsk.data.data, hsk.data.length}; + + if (IS_SERVER(session)) { + ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + goto cleanup; + } + ret = _gnutls13_recv_hello_retry_request(session, &hsk.data); @@ -2465,10 +2486,9 @@ recv_hello_verify_request(gnutls_session_t session, unsigned int nb_verifs; int ret; - if (!IS_DTLS(session) - || session->security_parameters.entity == GNUTLS_SERVER) { + if (!IS_DTLS(session)) { gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + return GNUTLS_E_UNEXPECTED_PACKET; } nb_verifs = ++session->internals.dtls.hsk_hello_verify_requests; diff --git a/lib/tls13/hello_retry.c b/lib/tls13/hello_retry.c index 7f2bd1e529..cc7fed1885 100644 --- a/lib/tls13/hello_retry.c +++ b/lib/tls13/hello_retry.c @@ -115,7 +115,7 @@ _gnutls13_recv_hello_retry_request(gnutls_session_t session, /* only under TLS 1.3 */ if (IS_DTLS(session)) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); if (session->internals.hsk_flags & HSK_HRR_RECEIVED) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); |