return gnutls_assert_val(ret);
if (unlikely((unsigned)length_to_decrypt > compressed->size))
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ {
+ _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
+ (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ }
ret =
_gnutls_auth_cipher_decrypt2 (¶ms->read.cipher_state,
/* We allocate the maximum possible to allow few compressed bytes to expand to a
* full record.
*/
- decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session),
- MAX_RECORD_RECV_SIZE(session));
+ t.size = _gnutls_get_max_decrypted_data(session);
+ decrypted = _mbuffer_alloc(t.size, t.size);
if (decrypted == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);