Add check for empty compressed certificate

author Zoltan Fridrich <zfridric@redhat.com>

Fri, 24 Jan 2025 16:12:52 +0000 (17:12 +0100)

committer Zoltan Fridrich <zfridric@redhat.com>

Fri, 24 Jan 2025 16:12:52 +0000 (17:12 +0100)
author Zoltan Fridrich <zfridric@redhat.com>
Fri, 24 Jan 2025 16:12:52 +0000 (17:12 +0100)
committer Zoltan Fridrich <zfridric@redhat.com>
Fri, 24 Jan 2025 16:12:52 +0000 (17:12 +0100)
diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c

index 0a6a04bef83844064251dc90e96436622cedd80c..44e7f2f39b2aae2de94d6440f3f944bf230bbfc5 100644 (file)
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -676,7 +676,7 @@ static int decompress_certificate(gnutls_session_t session,
                 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
  
         ret = _gnutls_buffer_pop_datum_prefix24(buf, &comp);
-       if (ret < 0 || buf->length > 0)
+       if (ret < 0 || buf->length > 0 || comp.size == 0)
                 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
  
         plain.data = gnutls_malloc(plain_exp_len);
author	Zoltan Fridrich <zfridric@redhat.com>
	Fri, 24 Jan 2025 16:12:52 +0000 (17:12 +0100)
committer	Zoltan Fridrich <zfridric@redhat.com>
	Fri, 24 Jan 2025 16:12:52 +0000 (17:12 +0100)