From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 3 May 2021 10:48:23 +0000 (+0200)
Subject: nts: ignore long non-critical records
X-Git-Tag: 4.1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0493abb68a072b053bceabedf2e8f3c072ab42b3;p=thirdparty%2Fchrony.git

nts: ignore long non-critical records

In the NTS-KE client don't reject the response if it has non-critical
records that are too long for the processing buffer. This is not
expected to happen with the current specification, but it might be
needed with future extensions.

Fixes: 7925ed39b81f ("nts: fix handling of long server negotiation record")
---

diff --git a/nts_ke_client.c b/nts_ke_client.c
index d895bf1e..d1936b69 100644
--- a/nts_ke_client.c
+++ b/nts_ke_client.c
@@ -143,9 +143,10 @@ process_response(NKC_Instance inst)
       break;
 
     if (length > sizeof (data)) {
-      DEBUG_LOG("Record too long type=%d length=%d", type, length);
-      error = 1;
-      break;
+      DEBUG_LOG("Record too long type=%d length=%d critical=%d", type, length, critical);
+      if (critical)
+        error = 1;
+      continue;
     }
 
     switch (type) {