authorSystem User <nmav@crystal.(none)>2007-12-06 22:50:48 +0200
committerSystem User <nmav@crystal.(none)>2007-12-06 22:50:48 +0200
commitc92c5538e902e83013c91dd2e5609fa60cf2ba2b (patch)
tree00c506a17f43d4b3a287997cfe82c37713270dc3
parentcc4a2fcf5c477a32fd9144ad1aa8e5351faa40a0 (diff)
downloadgnutls-c92c5538e902e83013c91dd2e5609fa60cf2ba2b.tar.gz
Revert "We now ignore received packets with unknown content types"
This reverts commit 4a19fd59da474b3de977a925fd91578db7e3d4a1.
-rw-r--r--NEWS3
-rw-r--r--lib/gnutls_record.c36
2 files changed, 28 insertions, 11 deletions
diff --git a/NEWS b/NEWS
index e0039aa865..63358b9b6c 100644
--- a/NEWS
+++ b/NEWS
@@ -20,9 +20,6 @@ gnutls_x509_crt_get_subject_alt_name2: ADD.
** PKCS #8 parser can now encode/decode DSA keys.
-** We now ignore received packets with unknown content types
-to follow the TLS spec.
-
** Updated gnutls_set_default_priority2() now renamed to
gnutls_priority_set() and gnutls_priority_set_direct() which
accept a string to indicate preferences of ciphersuite parameters.
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index edc4dd1409..d4ff531078 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -489,6 +489,25 @@ _gnutls_send_change_cipher_spec (gnutls_session_t session, int again)
}
}
+inline static int
+check_recv_type (content_type_t recv_type)
+{
+ switch (recv_type)
+ {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ case GNUTLS_ALERT:
+ case GNUTLS_HANDSHAKE:
+ case GNUTLS_APPLICATION_DATA:
+ case GNUTLS_INNER_APPLICATION:
+ return 0;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+
+}
+
+
/* Checks if there are pending data in the record buffers. If there are
* then it copies the data.
*/
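Review bot: The default branch of check_recv_type returns GNUTLS_E_UNSUPPORTED_VERSION_PACKET, but the condition it reports is an unrecognised content type, not a version mismatch. The version check follows directly after the call site in the third hunk, so a caller or log reader cannot tell the two failures apart by error code. GNUTLS_E_UNEXPECTED_PACKET, which record_check_type already returns in the second hunk, looks like the closer fit: `return GNUTLS_E_UNEXPECTED_PACKET;`. The function also has no header comment; one such as `/* Returns 0 if recv_type is a content type we handle, a negative error code otherwise. */` would state its contract.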
@@ -747,14 +766,13 @@ record_check_type (gnutls_session_t session,
return GNUTLS_E_UNEXPECTED_PACKET;
break;
default:
- /* an unknown content type was received. Just ignore it. */
+
_gnutls_record_log
("REC[%x]: Received Unknown packet %d expecting %d\n",
session, recv_type, type);
gnutls_assert ();
- /* call again to receive actual data */
- return GNUTLS_E_AGAIN;
+ return GNUTLS_E_INTERNAL_ERROR;
}
}
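Review bot: The default branch of record_check_type now returns GNUTLS_E_INTERNAL_ERROR with no comment explaining the choice, and the removed comment leaves a stray empty added line in its place. Since check_recv_type rejects unknown content types earlier in the receive path (third hunk), this branch is presumably reached only for a type that check_recv_type accepts but this switch has no case for. If that is the intent, state it: `/* unknown types are rejected by check_recv_type(); reaching here means a known type has no case above */`. If the branch can still be reached with a peer-chosen type, an internal-error code would mislabel what is really a protocol error from the peer. The switch and the function begin outside the hunk.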
@@ -898,10 +916,14 @@ begin:
return ret;
}
-/* Here we no longer check if the Type of the received packet is
- * ok. According to TLS 1.0 we should just ignore unknown content types.
- * So we proceed as normal.
+/* Here we check if the Type of the received packet is
+ * ok.
*/
+ if ((ret = check_recv_type (recv_type)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* Here we check if the advertized version is the one we
* negotiated in the handshake.
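Review bot: The rewritten comment above the check_recv_type call says only that the type is checked, and drops the reasoning the old comment carried about TLS 1.0 asking implementations to ignore unknown content types. The new code ends the receive call with an error based on a header field, and the check sits before the version check and, as far as the hunk shows, before the record is decrypted and verified. The comment should say that this strictness is deliberate, e.g. `/* Reject records whose content type we do not handle; stricter than TLS 1.0, which suggests ignoring them. */`. The gnutls_assert () inside the `if` repeats the one already made in check_recv_type's default branch. The enclosing function starts and ends outside the hunk.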
@@ -1013,8 +1035,6 @@ begin:
return GNUTLS_E_RECORD_LIMIT_REACHED;
}
- /* Check if the received type is the one we expect.
- */
ret =
record_check_type (session, recv_type, type, htype, tmp.data,
decrypted_length);