From 86e9eea40785c5ade52bf4919ed0e13704bde6f1 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 17 Oct 2017 09:27:36 +0200
Subject: certificate request: corrected parsing of signature algorithms

That fixes an issue in TLS 1.3 certificate request message parsing.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/tls13/certificate_request.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 252762033a..959603f477 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -75,6 +75,16 @@ int parse_cert_extension(void *_ctx, uint16_t tls_id, const uint8_t *data, int d
 
 		session->internals.hsk_flags |= HSK_CRT_REQ_GOT_SIG_ALGO;
 
+		if (data_size < 2)
+			return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
+
+		ret = _gnutls_read_uint16(data);
+		if (ret != data_size-2)
+			return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
+
+		data += 2;
+		data_size -= 2;
+
 		ret = _gnutls_sign_algorithm_parse_data(session, data, data_size);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
-- 
cgit v1.2.1