From: Daiki Ueno <dueno@redhat.com>
Date: Sat, 19 Jan 2019 09:31:52 +0000 (+0100)
Subject: constate: don't restore max_record_recv_size from resumed data
X-Git-Tag: gnutls_3_6_6~7^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d73f8e1e2db3f5302fa08488233e8da0316fe88d;p=thirdparty%2Fgnutls.git

constate: don't restore max_record_recv_size from resumed data

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---

diff --git a/lib/constate.c b/lib/constate.c
index 11fedab533..fbbff886e9 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -738,8 +738,6 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch, hs_stage_t
 		memcpy(dst->server_random, src->server_random, GNUTLS_RANDOM_SIZE); \
 		dst->ext_master_secret = src->ext_master_secret; \
 		dst->etm = src->etm; \
-		dst->max_record_recv_size = src->max_record_recv_size; \
-		dst->max_record_send_size = src->max_record_send_size; \
 		dst->prf = src->prf; \
 		dst->grp = src->grp; \
 		dst->pversion = src->pversion; \
@@ -757,8 +755,15 @@ void _gnutls_set_resumed_parameters(gnutls_session_t session)
 	security_parameters_st *src =
 	    &session->internals.resumed_security_parameters;
 	security_parameters_st *dst = &session->security_parameters;
+	const version_entry_st *ver = get_version(session);
+
+	CPY_COMMON(ver->tls13_sem);
 
-	CPY_COMMON(get_version(session)->tls13_sem);
+	if (!ver->tls13_sem &&
+	    !(session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_NEGOTIATED)) {
+		dst->max_record_recv_size = src->max_record_recv_size;
+		dst->max_record_send_size = src->max_record_send_size;
+	}
 }
 
 /* Sets the current connection session to conform with the