record: send unexpected_message upon empty unencrypted records

Signed-off-by: Daiki Ueno <dueno@redhat.com>

diff --git a/lib/record.c b/lib/record.c
index 45897655246c2dc3d3108f524cb68b7f4025a4bb..96bf5736a9af3d1be92867df9daad82090716e10 100644 (file)
--- a/lib/record.c
+++ b/lib/record.c
@@ -1190,8 +1190,15 @@ static int recv_headers(gnutls_session_t session,
                    (session, "Received packet with illegal length: %u\n",
                     (unsigned int) record->length);
 
-               if (record->length == 0)
+               if (record->length == 0) {
+                       /* Empty, unencrypted records are always unexpected. */
+                       if (record_params->cipher->id == GNUTLS_CIPHER_NULL)
+                               return
+                                   gnutls_assert_val
+                                   (GNUTLS_E_UNEXPECTED_PACKET);
+
                        return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+               }
                return
                    gnutls_assert_val(GNUTLS_E_RECORD_OVERFLOW);
        }