From 8813fd2ee0c2ef60af19f32f7ed5780b72fc9384 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 3 Mar 2017 16:33:57 +0100
Subject: ext/signature: reject an extension with padded data

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/ext/signature.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 795f149182..b6b0b14b9a 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -203,6 +203,9 @@ _gnutls_signature_algorithm_recv_params(gnutls_session_t session,
 			len = _gnutls_read_uint16(data);
 			DECR_LEN(data_size, len);
 
+			if (data_size > 0)
+				return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
 			ret =
 			    _gnutls_sign_algorithm_parse_data(session,
 							      data + 2,
-- 
cgit v1.2.1