nts: ignore long non-critical records

In the NTS-KE client don't reject the response if it has non-critical
records that are too long for the processing buffer. This is not
expected to happen with the current specification, but it might be
needed with future extensions.

Fixes: 7925ed39b81f ("nts: fix handling of long server negotiation record")

diff --git a/nts_ke_client.c b/nts_ke_client.c
index d895bf1e76cc7306fd3df473c0b34bb42090ac4b..d1936b690801e9fa278d9b5b4e57fb0b7a3b21c8 100644 (file)
--- a/nts_ke_client.c
+++ b/nts_ke_client.c
@@ -143,9 +143,10 @@ process_response(NKC_Instance inst)
       break;
 
     if (length > sizeof (data)) {
-      DEBUG_LOG("Record too long type=%d length=%d", type, length);
-      error = 1;
-      break;
+      DEBUG_LOG("Record too long type=%d length=%d critical=%d", type, length, critical);
+      if (critical)
+        error = 1;
+      continue;
     }
 
     switch (type) {