i -= len + 3;
}
+ if (dsize != 0)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
if (peer_certificate_list_size == 0) {
gnutls_assert();
return GNUTLS_E_NO_CERTIFICATE_FOUND;
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
+ if (dsize != 0)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
/* ok we now have the peer's key in tmp datum
*/
peer_certificate_list = gnutls_calloc(1, sizeof(gnutls_pcert_st));
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
- DECR_LEN(dsize, size);
+ DECR_LEN_FINAL(dsize, size);
/* now we ask the user to tell which one
* he wants to use.
}
ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
- if (ret < 0) {
- gnutls_assert();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
DECR_LEN(dsize, 2);
size = _gnutls_read_uint16(pdata);
pdata += 2;
- DECR_LEN(dsize, size);
+ DECR_LEN_FINAL(dsize, size);
sig.data = pdata;
sig.size = size;
sigsize = _gnutls_read_uint16(data);
data += 2;
- DECR_LEN(data_size, sigsize);
+ DECR_LEN_FINAL(data_size, sigsize);
signature.data = data;
signature.size = sigsize;
#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
#define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
+#define DECR_LEN_FINAL(len, x) do { \
+ len-=x; \
+ if (len != 0) \
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); \
+ } while (0)
#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
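Review bot: DECR_LEN_FINAL is added without a comment stating its contract, which differs from the DECR_LEN defined just above it: it fails unless exactly `x` bytes remain, so it is only correct for the last field of a message. I would add above it `/* Consume the final field: fails unless exactly x bytes remain, rejecting both truncated input and trailing bytes. */`. Its arguments are unparenthesised like the older macros; writing `(len) -= (x);` and `if ((len) != 0)` costs nothing and guards against a compound argument. Because the macro hides a `return`, each converted call site must not hold an allocation made earlier in its function; the code around those call sites lies outside the hunks shown, so that should be confirmed there. A regression test that appends one extra byte to each affected handshake message and expects GNUTLS_E_UNEXPECTED_PACKET_LENGTH would pin the new behaviour.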