2 files changed, 16 insertions, 7 deletions

diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index e89d618e28..38debd052d 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -1073,6 +1073,9 @@ _gnutls_proc_x509_server_crt(gnutls_session_t session,
 		i -= len + 3;
 	}
 
+	if (dsize != 0)
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
 	if (peer_certificate_list_size == 0) {
 		gnutls_assert();
 		return GNUTLS_E_NO_CERTIFICATE_FOUND;
@@ -1284,6 +1287,9 @@ _gnutls_proc_openpgp_server_crt(gnutls_session_t session,
 		return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
 	}
 
+	if (dsize != 0)
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
 	/* ok we now have the peer's key in tmp datum
 	 */
 	peer_certificate_list = gnutls_calloc(1, sizeof(gnutls_pcert_st));
@@ -1476,7 +1482,7 @@ _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data,
 		return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 	}
 
-	DECR_LEN(dsize, size);
+	DECR_LEN_FINAL(dsize, size);
 
 	/* now we ask the user to tell which one
 	 * he wants to use.
@@ -1600,16 +1606,14 @@ _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session,
 	}
 
 	ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
-	if (ret < 0) {
-		gnutls_assert();
-		return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
-	}
+	if (ret < 0)
+		return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
 
 	DECR_LEN(dsize, 2);
 	size = _gnutls_read_uint16(pdata);
 	pdata += 2;
 
-	DECR_LEN(dsize, size);
+	DECR_LEN_FINAL(dsize, size);
 
 	sig.data = pdata;
 	sig.size = size;
@@ -2240,7 +2244,7 @@ _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data,
 	sigsize = _gnutls_read_uint16(data);
 	data += 2;
 
-	DECR_LEN(data_size, sigsize);
+	DECR_LEN_FINAL(data_size, sigsize);
 	signature.data = data;
 	signature.size = sigsize;
 
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 785f9e6e20..c5d238d731 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -225,6 +225,11 @@ typedef enum record_flush_t {
 #define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
 
 #define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
+#define DECR_LEN_FINAL(len, x) do { \
+	len-=x; \
+	if (len != 0) \
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); \
+	} while (0)
 #define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
 #define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)