diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2007-11-14 07:51:39 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2007-11-14 07:51:39 +0200 |
commit | 2b52de53f9602eba78e2796d23f5b78b3842b8f3 (patch) | |
tree | baa0a22dc346f5648abdd68cdf247a536c93785d | |
parent | d2276d3cdfb52012ccc7de852f42dae67b1bca69 (diff) | |
download | gnutls-2b52de53f9602eba78e2796d23f5b78b3842b8f3.tar.gz |
Corrected bug in decompression of expanded compression data.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 8 | ||||
-rw-r--r-- | lib/gnutls_compress.c | 10 | ||||
-rw-r--r-- | lib/gnutls_compress.h | 4 | ||||
-rw-r--r-- | lib/gnutls_record.c | 12 |
5 files changed, 24 insertions, 14 deletions
@@ -3,6 +3,10 @@ Copyright (C) 2004, 2005, 2006, 2007 Simon Josefsson Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavroyanopoulos See the end for copying conditions. +* Version 2.0.4 (unreleased) + +** Corrected bug in decompression of expanded compression data. + * Version 2.0.3 (released 2007-11-10) ** This version backports several fixes from the 2.1.x branch. diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index b2420f74d3..9e3dcdb676 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -91,7 +91,7 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers, /* Here comp is allocated and must be * freed. */ - ret = _gnutls_m_plaintext2compressed (session, &comp, plain); + ret = _gnutls_m_plaintext2compressed (session, &comp, &plain); if (ret < 0) { gnutls_assert (); @@ -160,20 +160,20 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext, gcomp.data = data; gcomp.size = ret; - ret = _gnutls_m_compressed2plaintext (session, >xt, gcomp); + ret = _gnutls_m_compressed2plaintext (session, >xt, &gcomp); if (ret < 0) { return ret; } - if (gtxt.size > max_data_size) + if (gtxt.size > MAX_RECORD_RECV_SIZE) { gnutls_assert (); _gnutls_free_datum (>xt); /* This shouldn't have happen and * is a TLS fatal error. */ - return GNUTLS_E_INTERNAL_ERROR; + return GNUTLS_E_DECOMPRESSION_FAILED; } memcpy (data, gtxt.data, gtxt.size); diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c index 9e42157d8e..81faf35112 100644 --- a/lib/gnutls_compress.c +++ b/lib/gnutls_compress.c @@ -36,14 +36,14 @@ int _gnutls_m_plaintext2compressed (gnutls_session_t session, gnutls_datum_t * compressed, - gnutls_datum_t plaintext) + const gnutls_datum_t* plaintext) { int size; opaque *data; size = _gnutls_compress (session->connection_state.write_compression_state, - plaintext.data, plaintext.size, &data, + plaintext->data, plaintext->size, &data, MAX_RECORD_SEND_SIZE + 1024); if (size < 0) { @@ -59,15 +59,15 @@ _gnutls_m_plaintext2compressed (gnutls_session_t session, int _gnutls_m_compressed2plaintext (gnutls_session_t session, gnutls_datum_t * plain, - gnutls_datum_t compressed) + const gnutls_datum_t* compressed) { int size; opaque *data; size = _gnutls_decompress (session->connection_state. - read_compression_state, compressed.data, - compressed.size, &data, MAX_RECORD_RECV_SIZE); + read_compression_state, compressed->data, + compressed->size, &data, MAX_RECORD_RECV_SIZE); if (size < 0) { gnutls_assert (); diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h index 13e155ec05..fe42fea7ce 100644 --- a/lib/gnutls_compress.h +++ b/lib/gnutls_compress.h @@ -24,7 +24,7 @@ int _gnutls_m_plaintext2compressed (gnutls_session_t session, gnutls_datum_t * compressed, - gnutls_datum_t plaintext); + const gnutls_datum_t *plaintext); int _gnutls_m_compressed2plaintext (gnutls_session_t session, gnutls_datum_t * plain, - gnutls_datum_t compressed); + const gnutls_datum_t* compressed); diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 990526edd7..5e3492cf43 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -777,13 +777,19 @@ record_check_type (gnutls_session_t session, inline static int get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp) { +size_t max_record_size; + + if (gnutls_compression_get(session) != GNUTLS_COMP_NULL) + max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE; + else + max_record_size = MAX_RECORD_RECV_SIZE; /* We allocate MAX_RECORD_RECV_SIZE length * because we cannot predict the output data by the record * packet length (due to compression). */ - if (MAX_RECORD_RECV_SIZE > session->internals.recv_buffer.size || + if (max_record_size > session->internals.recv_buffer.size || session->internals.recv_buffer.data == NULL) { @@ -791,7 +797,7 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp) */ session->internals.recv_buffer.data = gnutls_realloc (session->internals.recv_buffer.data, - MAX_RECORD_RECV_SIZE); + max_record_size); if (session->internals.recv_buffer.data == NULL) { @@ -799,7 +805,7 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp) return GNUTLS_E_MEMORY_ERROR; } - session->internals.recv_buffer.size = MAX_RECORD_RECV_SIZE; + session->internals.recv_buffer.size = max_record_size; } tmp->data = session->internals.recv_buffer.data; |