ext/record_size_limit: reject too large extension payload

author Daiki Ueno <dueno@redhat.com>

Thu, 17 Jan 2019 10:52:50 +0000 (11:52 +0100)

committer Daiki Ueno <dueno@redhat.com>

Wed, 23 Jan 2019 15:59:49 +0000 (16:59 +0100)
author Daiki Ueno <dueno@redhat.com>
Thu, 17 Jan 2019 10:52:50 +0000 (11:52 +0100)
committer Daiki Ueno <dueno@redhat.com>
Wed, 23 Jan 2019 15:59:49 +0000 (16:59 +0100)
diff --git a/lib/ext/record_size_limit.c b/lib/ext/record_size_limit.c

index 811e2ea93fed9401e132df5951e743b9c0ed0005..35b5e446d20e99b600298619c91d47ef99996570 100644 (file)
--- a/lib/ext/record_size_limit.c
+++ b/lib/ext/record_size_limit.c
@@ -54,6 +54,8 @@ _gnutls_record_size_limit_recv_params(gnutls_session_t session,
         ssize_t data_size = _data_size;
  
         DECR_LEN(data_size, 2);
+       if (data_size != 0)
+               return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
         new_size = _gnutls_read_uint16(data);
  
         /* protocol error */
author	Daiki Ueno <dueno@redhat.com>
	Thu, 17 Jan 2019 10:52:50 +0000 (11:52 +0100)
committer	Daiki Ueno <dueno@redhat.com>
	Wed, 23 Jan 2019 15:59:49 +0000 (16:59 +0100)