_gnutls_recv_handshake: added explicit sanity checks

Although, this function acts on the message provided as expected and thus
it should never call a message parsing function on unexpected
messages, we make a more explicit sanity check. This unifies the
sanity checks existing within the involved functions.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

diff --git a/lib/handshake.c b/lib/handshake.c
index 481210ebc0e29e19231d0bf164b9ee9b7f6cf809..32a85663c322e7e7ccf2b65e138789651fc14df5 100644 (file)
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1526,6 +1526,11 @@ _gnutls_recv_handshake(gnutls_session_t session,
        switch (hsk.htype) {
        case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
        case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+               if (!(IS_SERVER(session))) {
+                       ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+                       goto cleanup;
+               }
+
 #ifdef ENABLE_SSL2
                if (hsk.htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
                        ret =
@@ -1552,6 +1557,11 @@ _gnutls_recv_handshake(gnutls_session_t session,
                break;
 
        case GNUTLS_HANDSHAKE_SERVER_HELLO:
+               if (IS_SERVER(session)) {
+                       ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+                       goto cleanup;
+               }
+
                ret = read_server_hello(session, hsk.data.data,
                                        hsk.data.length);
 
@@ -1562,6 +1572,11 @@ _gnutls_recv_handshake(gnutls_session_t session,
 
                break;
        case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
+               if (IS_SERVER(session)) {
+                       ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+                       goto cleanup;
+               }
+
                ret =
                    recv_hello_verify_request(session,
                                              hsk.data.data,
@@ -1579,6 +1594,12 @@ _gnutls_recv_handshake(gnutls_session_t session,
        case GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST: {
                /* hash buffer synth message is generated during hello retry parsing */
                gnutls_datum_t hrr = {hsk.data.data, hsk.data.length};
+
+               if (IS_SERVER(session)) {
+                       ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+                       goto cleanup;
+               }
+
                ret =
                    _gnutls13_recv_hello_retry_request(session,
                                                       &hsk.data);
@@ -2466,10 +2487,9 @@ recv_hello_verify_request(gnutls_session_t session,
        unsigned int nb_verifs;
        int ret;
 
-       if (!IS_DTLS(session)
-           || session->security_parameters.entity == GNUTLS_SERVER) {
+       if (!IS_DTLS(session)) {
                gnutls_assert();
-               return GNUTLS_E_INTERNAL_ERROR;
+               return GNUTLS_E_UNEXPECTED_PACKET;
        }
 
        nb_verifs = ++session->internals.dtls.hsk_hello_verify_requests;

diff --git a/lib/tls13/hello_retry.c b/lib/tls13/hello_retry.c
index 7f2bd1e5297740db9a50b5a1ae273c19779dd3bb..cc7fed18858f49e53c7ff18f6bdc59c4a26f1768 100644 (file)
--- a/lib/tls13/hello_retry.c
+++ b/lib/tls13/hello_retry.c
@@ -115,7 +115,7 @@ _gnutls13_recv_hello_retry_request(gnutls_session_t session,
 
        /* only under TLS 1.3 */
        if (IS_DTLS(session))
-               return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+               return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
 
        if (session->internals.hsk_flags & HSK_HRR_RECEIVED)
                return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);