From: Miroslav Lichvar Date: Tue, 27 Apr 2021 13:39:59 +0000 (+0200) Subject: nts: avoid assumption about cookie record X-Git-Tag: 4.1~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d01cb5af46caedb8a4a6529c8b80eef9976cef8d;p=thirdparty%2Fchrony.git nts: avoid assumption about cookie record The cookie record is currently assumed to be the longest record that needs to be accepted by the client, but that does not have to be always the case. Define the processing buffer using the maximum body record constant instead and add an assertion to make sure it's not smaller than the maximum accepted cookie length. --- diff --git a/nts_ke_client.c b/nts_ke_client.c index 89dc6fed..d895bf1e 100644 --- a/nts_ke_client.c +++ b/nts_ke_client.c @@ -127,9 +127,10 @@ process_response(NKC_Instance inst) { int next_protocol = -1, aead_algorithm = -1, error = 0; int i, critical, type, length; - uint16_t data[NKE_MAX_COOKIE_LENGTH / sizeof (uint16_t)]; + uint16_t data[NKE_MAX_RECORD_BODY_LENGTH / sizeof (uint16_t)]; - assert(NKE_MAX_COOKIE_LENGTH % sizeof (uint16_t) == 0); + assert(NKE_MAX_COOKIE_LENGTH <= NKE_MAX_RECORD_BODY_LENGTH); + assert(sizeof (data) % sizeof (uint16_t) == 0); assert(sizeof (uint16_t) == 2); inst->num_cookies = 0;