added a size check in the group generator received by the server.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2003-09-11 12:36:23 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2003-09-11 12:36:23 +0000
commit: 4c13e34bc55647c7d9d6516a5c9aad4d0dc4d1bc (patch)
tree: 911e7cdd86f6ecb36328bdb0e7dd312339308332 /libextra/auth_srp.c
parent: ac5b89f0d010cac5a71907181fe281c039336e41 (diff)
download: gnutls-4c13e34bc55647c7d9d6516a5c9aad4d0dc4d1bc.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index f35ac7decf..d6bebd02aa 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -478,9 +478,15 @@ static int group_check_g_n( GNUTLS_MPI g, GNUTLS_MPI n)
 	}
 	
 	/* We should also check whether g is a generator,
-	 * but this is not possible.
+	 * but this is not possible. We now only check if
+	 * the generator is not too large.
 	 */
 	
+	if (_gnutls_mpi_get_nbits(g) > 7) {
+		gnutls_assert();
+		return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+	}
+	
 	return 0;
 
 }
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2003-09-11 12:36:23 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2003-09-11 12:36:23 +0000
commit	4c13e34bc55647c7d9d6516a5c9aad4d0dc4d1bc (patch)
tree	911e7cdd86f6ecb36328bdb0e7dd312339308332 /libextra/auth_srp.c
parent	ac5b89f0d010cac5a71907181fe281c039336e41 (diff)
download	gnutls-4c13e34bc55647c7d9d6516a5c9aad4d0dc4d1bc.tar.gz