From 914f6fc1ae4953db7a02e7290db67a33f1b48689 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 17 Jan 2019 11:53:35 +0100 Subject: ext/record_size_limit: don't confuse with negotiated/user-supplied maximum As documented in gnutls_int.h, max_record_send_size is for tracking the user-supplied maximum, while max_record_recv_size for the protocol negotiated maximum. Signed-off-by: Daiki Ueno --- lib/ext/record_size_limit.c | 35 ++++++++++++++++++++++++++--------- lib/gnutls_int.h | 14 +++++++++----- 2 files changed, 35 insertions(+), 14 deletions(-) diff --git a/lib/ext/record_size_limit.c b/lib/ext/record_size_limit.c index 607ecdb76f..def0d57b25 100644 --- a/lib/ext/record_size_limit.c +++ b/lib/ext/record_size_limit.c @@ -62,19 +62,29 @@ _gnutls_record_size_limit_recv_params(gnutls_session_t session, if (new_size < 64) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); - /* we do not want to accept sizes less than our minimum */ - if (new_size < MIN_RECORD_SIZE) - return 0; + session->internals.hsk_flags |= HSK_RECORD_SIZE_LIMIT_RECEIVED; + + /* we do not want to accept sizes outside of our supported range */ + if (new_size < MIN_RECORD_SIZE) { + /* for server, reject it by omitting the extension in the reply */ + if (session->security_parameters.entity == GNUTLS_SERVER) { + _gnutls_handshake_log("EXT[%p]: client requested too small record_size_limit %u; ignoring\n", + session, (unsigned)new_size); + return gnutls_assert_val(0); + } else { + _gnutls_handshake_log("EXT[%p]: server requested too small record_size_limit %u; closing the connection\n", + session, (unsigned)new_size); + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + } + } session->internals.hsk_flags |= HSK_RECORD_SIZE_LIMIT_NEGOTIATED; - /* if a larger record size limit than the protocol limit is - * provided by the peer, ignore it and stick to the default */ - if (unlikely(new_size > DEFAULT_MAX_RECORD_SIZE)) - return gnutls_assert_val(0); + _gnutls_handshake_log("EXT[%p]: record_size_limit %u negotiated\n", + session, (unsigned)new_size); - session->security_parameters.max_record_send_size = new_size; - session->security_parameters.max_record_recv_size = new_size; + session->security_parameters.max_record_recv_size = + MIN(new_size, session->security_parameters.max_record_send_size); return 0; } @@ -91,6 +101,13 @@ _gnutls_record_size_limit_send_params(gnutls_session_t session, session->security_parameters.max_record_send_size <= DEFAULT_MAX_RECORD_SIZE); + if (session->security_parameters.entity == GNUTLS_SERVER) { + /* if we had received the extension and rejected, don't send it */ + if (session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_RECEIVED && + !(session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_NEGOTIATED)) + return gnutls_assert_val(0); + } + ret = _gnutls_buffer_append_prefix(extdata, 16, session->security_parameters.max_record_send_size); if (ret < 0) diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index f99e40a171..2352299cd8 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1358,6 +1358,7 @@ typedef struct { */ #define HSK_RECORD_SIZE_LIMIT_NEGOTIATED (1<<24) #define HSK_RECORD_SIZE_LIMIT_SENT (1<<25) /* record_size_limit extension was sent */ +#define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */ /* The hsk_flags are for use within the ongoing handshake; * they are reset to zero prior to handshake start by gnutls_handshake. */ @@ -1547,17 +1548,20 @@ inline static int _gnutls_set_current_version(gnutls_session_t s, unsigned v) return 0; } +/* Returns the maximum size of the plaintext to be sent, considering + * both user-specified/negotiated maximum values. + */ inline static size_t max_user_send_size(gnutls_session_t session, record_parameters_st * record_params) { size_t max; - if (IS_DTLS(session)) { - max = MIN(gnutls_dtls_get_data_mtu(session), session->security_parameters.max_record_send_size); - } else { - max = session->security_parameters.max_record_send_size; - } + max = MIN(session->security_parameters.max_record_send_size, + session->security_parameters.max_record_recv_size); + + if (IS_DTLS(session)) + max = MIN(gnutls_dtls_get_data_mtu(session), max); return max; } -- cgit v1.2.1