From: Nikos Mavrogiannopoulos Date: Fri, 26 Jul 2013 15:08:19 +0000 (+0200) Subject: When in compatibility mode allow for larger record sizes than the maximum. X-Git-Tag: gnutls_3_2_3pre0~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1c81935ffc40d01403243f6ad9c65e4bbc8a0e96;p=thirdparty%2Fgnutls.git When in compatibility mode allow for larger record sizes than the maximum. --- diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 198cb34d15..3caa5aca9d 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session, return gnutls_assert_val(ret); if (unlikely((unsigned)length_to_decrypt > compressed->size)) - return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + { + _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n", + (unsigned int)length_to_decrypt, (unsigned int)compressed->size); + return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + } ret = _gnutls_auth_cipher_decrypt2 (¶ms->read.cipher_state, diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 993ddb912e..4795711aab 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -1193,8 +1193,8 @@ begin: /* We allocate the maximum possible to allow few compressed bytes to expand to a * full record. */ - decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session), - MAX_RECORD_RECV_SIZE(session)); + t.size = _gnutls_get_max_decrypted_data(session); + decrypted = _mbuffer_alloc(t.size, t.size); if (decrypted == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);