Diffstat (limited to 'lib/gnutls_handshake.c')
-rw-r--r-- | lib/gnutls_handshake.c | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 98aa86cb8f..d7981802a0 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1003,6 +1003,14 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
 *recv_type = session->internals.handshake_header_buffer.recv_type;
+ if (*recv_type != type)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%x]: Handshake type mismatch (under attack?)\n", session);
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
+
 return session->internals.handshake_header_buffer.packet_length;
 }
@@ -2955,16 +2963,19 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
 }
 /**
- * gnutls_handshake_set_max_packet_length - set the maximum length of a handshake message
- * @session: is a #gnutls_session_t structure.
- * @max: is the maximum number.
- *
- * This function will set the maximum size of a handshake message.
- * Handshake messages over this size are rejected. The default value
- * is 16kb which is large enough. Set this to 0 if you do not want to
- * set an upper limit.
- *
- **/
+ * gnutls_handshake_set_max_packet_length - set the maximum size of the handshake
+ * @session: is a #gnutls_session_t structure.
+ * @max: is the maximum number.
+ *
+ * This function will set the maximum size of all handshake messages.
+ * Handshakes over this size are rejected with
+ * %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is
+ * 48kb which is typically large enough. Set this to 0 if you do not
+ * want to set an upper limit.
+ *
+ * The reason for restricting the handshake message sizes are to
+ * limit Denial of Service attacks.
+ **/
 void
 gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max)
 {
|
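Review bot: The new log call in `_gnutls_recv_handshake_header` passes `session` (a pointer) to a `%x` conversion, which is a format/argument type mismatch and undefined behavior on targets where a pointer is wider than `unsigned int`; if this `HSK[%x]` form is the file's existing logging convention the mismatch predates this commit, but the added line is a chance to write `("HSK[%p]: Handshake type mismatch (under attack?)\n", (void *) session);`. Note also that the check sits after `*recv_type` has already been stored, so on the `GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET` path the caller's out-parameter holds the unexpected type; a short comment such as `/* recv_type stays set so the caller can report what was actually received */` would make that deliberate, or the store could move below the check. The body of `_gnutls_recv_handshake_header` begins outside this hunk, so whether the buffered header in `handshake_header_buffer` is consumed or retained on this early return cannot be confirmed from what is shown.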