alerts: separated record overflow from decode error alerts

Introduced GNUTLS_E_RECORD_OVERFLOW.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/alert.c b/lib/alert.c
index a4e30cf48c1b9f186f3826d80b7e5c4535069a27..0aa92e314ea7e92cb28c816c575d783c3e8bbbc7 100644 (file)
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -201,6 +201,7 @@ int gnutls_error_to_alert(int err, int *level)
                ret = GNUTLS_A_BAD_RECORD_MAC;
                _level = GNUTLS_AL_FATAL;
                break;
+       case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
        case GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH:
                ret = GNUTLS_A_DECODE_ERROR;
                _level = GNUTLS_AL_FATAL;
@@ -273,7 +274,7 @@ int gnutls_error_to_alert(int err, int *level)
                ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
                _level = GNUTLS_AL_FATAL;
                break;
-       case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+       case GNUTLS_E_RECORD_OVERFLOW:
                ret = GNUTLS_A_RECORD_OVERFLOW;
                _level = GNUTLS_AL_FATAL;
                break;

diff --git a/lib/errors.c b/lib/errors.c
index 7dd7e149eec0d71a5e6500e0dcb7b2abcff3c259..7634eaee28119060f2fe447148dac3912fa1ba8a 100644 (file)
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -66,6 +66,9 @@ static const gnutls_error_entry error_entries[] = {
        ERROR_ENTRY(N_
                    ("A TLS packet with unexpected length was received."),
                    GNUTLS_E_UNEXPECTED_PACKET_LENGTH),
+       ERROR_ENTRY(N_
+                   ("A TLS packet with unexpected length was received."),
+                   GNUTLS_E_RECORD_OVERFLOW),
        ERROR_ENTRY(N_("The TLS connection was non-properly terminated."),
                    GNUTLS_E_PREMATURE_TERMINATION),
        ERROR_ENTRY(N_

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 28b6d48044dd97f73d5e850078eac4359865f3e7..5a071c0d04767294157466f1024b9beb4c8ee03f 100644 (file)
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2629,7 +2629,7 @@ unsigned gnutls_fips140_mode_enabled(void);
 #define        GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
 #define        GNUTLS_E_LARGE_PACKET -7
 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
-#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9   /* GNUTLS_A_RECORD_OVERFLOW */
+#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9   /* GNUTLS_A_DECODE_ERROR */
 #define GNUTLS_E_INVALID_SESSION -10
 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
 #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
@@ -2842,6 +2842,7 @@ unsigned gnutls_fips140_mode_enabled(void);
 #define GNUTLS_E_INVALID_UTF8_EMAIL -414
 #define GNUTLS_E_INVALID_PASSWORD_STRING -415
 #define GNUTLS_E_CERTIFICATE_TIME_ERROR -416
+#define GNUTLS_E_RECORD_OVERFLOW -417  /* GNUTLS_A_RECORD_OVERFLOW */
 
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
 

diff --git a/lib/record.c b/lib/record.c
index 133f23e1450557d3d225971f83ca8a0c0cd4036d..59b5ee114c547a7a2511343e182f6f7e304aaf67 100644 (file)
--- a/lib/record.c
+++ b/lib/record.c
@@ -1104,7 +1104,7 @@ static int recv_headers(gnutls_session_t session,
                    (session, "Received packet with illegal length: %u\n",
                     (unsigned int) record->length);
                return
-                   gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+                   gnutls_assert_val(GNUTLS_E_RECORD_OVERFLOW);
        }
 
        _gnutls_record_log
@@ -1368,6 +1368,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
        if (IS_DTLS(session) && (ret == GNUTLS_E_DECRYPTION_FAILED ||
                ret == GNUTLS_E_UNSUPPORTED_VERSION_PACKET ||
                ret == GNUTLS_E_UNEXPECTED_PACKET_LENGTH ||
+               ret == GNUTLS_E_RECORD_OVERFLOW ||
                ret == GNUTLS_E_UNEXPECTED_PACKET ||
                ret == GNUTLS_E_ERROR_IN_FINISHED_PACKET ||
                ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)) {