static int
_gnutls_extension_list_check(gnutls_session_t session, uint16_t type)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- int i;
-
- for (i = 0; i < session->internals.extensions_sent_size;
- i++) {
- if (type == session->internals.extensions_sent[i])
- return 0; /* ok found */
- }
+ int i;
- return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+ for (i = 0; i < session->internals.extensions_sent_size; i++) {
+ if (type == session->internals.extensions_sent[i])
+ return 0; /* ok found */
}
- return 0;
+ return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
}
int
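Review bot: With the entity test removed, `_gnutls_extension_list_check` no longer states which list it consults or on whose behalf, and after this commit the same array holds "types we sent" on a client and "types the peer sent" on a server. A header comment would make the new contract explicit: `/* Returns 0 if type is recorded in extensions_sent (client: sent by us; server: received from the peer), otherwise GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION. */`. The error name also reads oddly for the server-side caller in the generation hunk, which uses the negative result only as a "skip this extension" signal; a short comment at that call would help. Callers are now responsible for deciding when the check applies.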
type = _gnutls_read_uint16(&data[pos]);
pos += 2;
- if ((ret =
- _gnutls_extension_list_check(session, type)) < 0) {
- gnutls_assert();
- return ret;
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if ((ret =
+ _gnutls_extension_list_check(session, type)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ } else {
+ _gnutls_extension_list_add(session, type);
}
DECR_LENGTH_RET(next, 2, 0);
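Review bot: The new `else` branch records every extension type the peer sends, before anything visible in this hunk decides whether the type is supported or has already been seen, so on a server the `extensions_sent` list is now filled from untrusted input. Repeated or unrecognised types can use up the MAX_EXT_TYPES slots, after which `_gnutls_extension_list_add` only logs and later, supported types are not recorded. Skipping duplicates is a small change, `if (_gnutls_extension_list_check(session, type) < 0) _gnutls_extension_list_add(session, type);`, and if the handler lookup follows later in this function (it is outside the hunk) the add would be better placed after it. If this loop runs once per parse type, as the `parse_type` filter in the generation hunk suggests, the same type is also appended on every pass.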
void _gnutls_extension_list_add(gnutls_session_t session, uint16_t type)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- if (session->internals.extensions_sent_size <
- MAX_EXT_TYPES) {
- session->internals.extensions_sent[session->
- internals.extensions_sent_size]
- = type;
- session->internals.extensions_sent_size++;
- } else {
- _gnutls_handshake_log
- ("extensions: Increase MAX_EXT_TYPES\n");
- }
+ if (session->internals.extensions_sent_size <
+ MAX_EXT_TYPES) {
+ session->internals.extensions_sent[session->
+ internals.extensions_sent_size]
+ = type;
+ session->internals.extensions_sent_size++;
+ } else {
+ _gnutls_handshake_log
+ ("extensions: Increase MAX_EXT_TYPES\n");
}
}
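Review bot: Dropping the client-only gate means the list-full branch can now be reached through what a peer sends, yet it still only logs `extensions: Increase MAX_EXT_TYPES` and the function returns `void`, so the server-side caller in the parse hunk cannot tell that a type was not recorded. The generation hunk then treats a missing entry as "not received" and skips the reply with a bare `continue`, which may leave the server having processed an extension that it never acknowledges. Consider returning a status from this function so the parse path can fail the handshake instead, for example an `int` return with `return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` in the else branch; callers outside this diff would need the same treatment. At minimum the log text should say that the peer's extension was dropped, since it is no longer only a build-time sizing hint.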
&& p->parse_type != parse_type)
continue;
+ /* ensure we are sending only what we received */
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if ((ret =
+ _gnutls_extension_list_check(session, p->type)) < 0) {
+ continue;
+ }
+ }
+
ret = _gnutls_buffer_append_prefix(extdata, 16, p->type);
if (ret < 0)
return gnutls_assert_val(ret);
/* add this extension to the extension list
*/
- _gnutls_extension_list_add(session, p->type);
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ _gnutls_extension_list_add(session, p->type);
_gnutls_handshake_log
("EXT[%p]: Sending extension %s (%d bytes)\n",