Parse unsupported TLS Hello extensions properly
authorMartin Willi <martin@revosec.ch>
Mon, 6 Sep 2010 08:55:15 +0000 (10:55 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 6 Sep 2010 13:37:51 +0000 (15:37 +0200)
src/libtls/tls_server.c

index aa371c30a3b70abd38631d9d13e4f5b3fcd78652..e6cce311c95c1eda48118bd113dea2995c5216d0 100644 (file)
@@ -220,29 +220,25 @@ static status_t process_client_hello(private_tls_server_t *this,
                extensions = tls_reader_create(ext);
                while (extensions->remaining(extensions))
                {
-                       if (!extensions->read_uint16(extensions, &extension))
+                       if (!extensions->read_uint16(extensions, &extension) ||
+                               !extensions->read_data16(extensions, &ext))
                        {
                                DBG1(DBG_TLS, "received invalid ClientHello Extensions");
                                this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
                                extensions->destroy(extensions);
                                return NEED_MORE;
                        }
-                       DBG1(DBG_TLS, "received TLS %N extension",
+                       DBG1(DBG_TLS, "received TLS '%N' extension",
                                 tls_extension_names, extension);
+                       DBG3(DBG_TLS, "%B", &ext);
                        switch (extension)
                        {
                                case TLS_EXT_SIGNATURE_ALGORITHMS:
-                                       if (extensions->read_data16(extensions, &ext))
-                                       {
-                                               this->hashsig = chunk_clone(ext);
-                                       }
+                                       this->hashsig = chunk_clone(ext);
                                        break;
                                case TLS_EXT_ELLIPTIC_CURVES:
                                        this->curves_received = TRUE;
-                                       if (extensions->read_data16(extensions, &ext))
-                                       {
-                                               this->curves = chunk_clone(ext);
-                                       }
+                                       this->curves = chunk_clone(ext);
                                        break;
                                default:
                                        break;
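Review bot: The now-unconditional `this->hashsig = chunk_clone(ext);` and `this->curves = chunk_clone(ext);` overwrite the field without releasing what it already holds, so a ClientHello that repeats the signature_algorithms or elliptic_curves extension leaks one peer-sized allocation per repeat. Since the loop accepts any number of extensions of the same type, either free first (`chunk_free(&this->hashsig);` before the clone, and likewise for `this->curves`) or treat a repeated type as malformed and take the existing TLS_DECODE_ERROR path. Whether these fields are released elsewhere before a second ClientHello is processed is not visible here, as process_client_hello starts and ends outside the hunk. Separately, `read_data16` writes each extension body into `ext`, the same chunk the reader was created from. That presumably works because the reader keeps its own pointer and length, but a dedicated local for the per-extension data would make it obvious.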