From e33c22b68d5cc5c4140ac9d9b1d96d130c488af3 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 17 Jan 2019 11:52:50 +0100
Subject: ext/record_size_limit: reject too large extension payload

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 lib/ext/record_size_limit.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/ext/record_size_limit.c b/lib/ext/record_size_limit.c
index 811e2ea93f..35b5e446d2 100644
--- a/lib/ext/record_size_limit.c
+++ b/lib/ext/record_size_limit.c
@@ -54,6 +54,8 @@ _gnutls_record_size_limit_recv_params(gnutls_session_t session,
 	ssize_t data_size = _data_size;
 
 	DECR_LEN(data_size, 2);
+	if (data_size != 0)
+		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 	new_size = _gnutls_read_uint16(data);
 
 	/* protocol error */
-- 
cgit v1.2.1