]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
When in compatibility mode allow for larger record sizes than the maximum.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 26 Jul 2013 15:08:19 +0000 (17:08 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 26 Jul 2013 15:08:19 +0000 (17:08 +0200)
lib/gnutls_cipher.c
lib/gnutls_record.c

index 198cb34d1560fc3f23feeedc5a99c8802922f23d..3caa5aca9db19ebd9fa0a39de146f9779e20a5a0 100644 (file)
@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session,
         return gnutls_assert_val(ret);
 
       if (unlikely((unsigned)length_to_decrypt > compressed->size))
-        return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+        {
+          _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
+                    (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
+          return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+        }
 
       ret =
            _gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
index 993ddb912ea063a4bd045ec8a0f513c8601d0b4d..4795711aab0558fd2a8677ade327459c4fc3dcdb 100644 (file)
@@ -1193,8 +1193,8 @@ begin:
   /* We allocate the maximum possible to allow few compressed bytes to expand to a
    * full record.
    */
-  decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session), 
-                             MAX_RECORD_RECV_SIZE(session));
+  t.size = _gnutls_get_max_decrypted_data(session);
+  decrypted = _mbuffer_alloc(t.size, t.size);
   if (decrypted == NULL)
     return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);