From: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri, 24 Jan 2025 16:12:52 +0000 (+0100)
Subject: Add check for empty compressed certificate
X-Git-Tag: 3.8.9~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d339dfa08309e5b87f2076c52cbbb6689dab410;p=thirdparty%2Fgnutls.git

Add check for empty compressed certificate

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---

diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
index 0a6a04bef8..44e7f2f39b 100644
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -676,7 +676,7 @@ static int decompress_certificate(gnutls_session_t session,
 		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
 	ret = _gnutls_buffer_pop_datum_prefix24(buf, &comp);
-	if (ret < 0 || buf->length > 0)
+	if (ret < 0 || buf->length > 0 || comp.size == 0)
 		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
 	plain.data = gnutls_malloc(plain_exp_len);