diff options
| -rw-r--r-- | lib/buffers.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/buffers.c b/lib/buffers.c index 107a9ca9ca..e42bcd4f86 100644 --- a/lib/buffers.c +++ b/lib/buffers.c @@ -953,12 +953,13 @@ parse_handshake_header(gnutls_session_t session, mbuffer_st * bufel, return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); - if (hsk->length > 0 && (hsk->start_offset >= hsk->end_offset || + if (hsk->length > 0 && (hsk->start_offset > hsk->end_offset || hsk->end_offset - hsk->start_offset >= data_size - || hsk->end_offset >= hsk->length)) + || hsk->end_offset >= hsk->length)) { return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + } else if (hsk->length == 0 && hsk->end_offset != 0 && hsk->start_offset != 0) return |