compress_certificate: improve error checks

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

diff --git a/lib/ext/compress_certificate.c b/lib/ext/compress_certificate.c
index 2a51ae0c77cbf58d91ca3b344c5931d1d405fdb7..61f7a853ecba4c9a9f021666f7ba048efe17c29b 100644 (file)
--- a/lib/ext/compress_certificate.c
+++ b/lib/ext/compress_certificate.c
@@ -194,6 +194,8 @@ int _gnutls_compress_certificate_recv_params(gnutls_session_t session,
                return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
        DECR_LEN(data_size, bytes_len);
+       if (data_size > 0)
+               return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
        methods_len = 0;
        for (i = 0; i < bytes_len / 2; ++i) {

diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
index b6355ea0ebcb6f0dad1009b0c486080011e68dc0..0a6a04bef83844064251dc90e96436622cedd80c 100644 (file)
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -95,7 +95,6 @@ int _gnutls13_recv_certificate(gnutls_session_t session)
                ret = decompress_certificate(session, &buf);
                if (ret < 0) {
                        gnutls_assert();
-                       ret = GNUTLS_E_CERTIFICATE_ERROR;
                        goto cleanup;
                }
        }
@@ -665,7 +664,7 @@ static int decompress_certificate(gnutls_session_t session,
 
        ret = _gnutls_buffer_pop_prefix16(buf, &method_num, 0);
        if (ret < 0)
-               return gnutls_assert_val(ret);
+               return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
        comp_method = _gnutls_compress_certificate_num2method(method_num);
 
        if (!_gnutls_compress_certificate_is_method_enabled(session,
@@ -674,33 +673,32 @@ static int decompress_certificate(gnutls_session_t session,
 
        ret = _gnutls_buffer_pop_prefix24(buf, &plain_exp_len, 0);
        if (ret < 0)
-               return gnutls_assert_val(ret);
+               return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
        ret = _gnutls_buffer_pop_datum_prefix24(buf, &comp);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
+       if (ret < 0 || buf->length > 0)
+               return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 
        plain.data = gnutls_malloc(plain_exp_len);
        if (plain.data == NULL)
-               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+               return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
        ret = _gnutls_decompress(comp_method, plain.data, plain_exp_len,
                                 comp.data, comp.size);
        if (ret < 0) {
-               gnutls_assert();
+               ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
                goto cleanup;
        }
        plain.size = ret;
 
        if (plain.size != plain_exp_len) {
-               gnutls_assert();
-               ret = GNUTLS_E_DECOMPRESSION_FAILED;
+               ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
                goto cleanup;
        }
 
        _gnutls_buffer_clear(buf);
        ret = _gnutls_buffer_append_data(buf, plain.data, plain.size);
        if (ret < 0) {
-               gnutls_assert();
+               ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
                goto cleanup;
        }
 

diff --git a/tests/tls13/compress-cert-neg2.c b/tests/tls13/compress-cert-neg2.c
index 04191c35d088da242db91ed503b06ffea0505c0b..bb30d2e0885db876fb8aa39e0e5714a696b59354 100644 (file)
--- a/tests/tls13/compress-cert-neg2.c
+++ b/tests/tls13/compress-cert-neg2.c
@@ -76,8 +76,8 @@ static int client_callback(gnutls_session_t session, unsigned htype,
                           unsigned post, unsigned incoming,
                           const gnutls_datum_t *msg)
 {
-       /* change compression method to BROTLI */
-       msg->data[1] = 0x02;
+       /* change uncompressed length */
+       msg->data[4] = ~msg->data[4];
        return 0;
 }