diff options
| author | Simon Josefsson <simon@josefsson.org> | 2008-05-19 21:44:43 +0200 |
|---|---|---|
| committer | Simon Josefsson <simon@josefsson.org> | 2008-05-19 23:09:30 +0200 |
| commit | d223040e498bd50a4b9e0aa493e78587ae1ed653 (patch) | |
| tree | 6e4923b409520cba7b69d49862bfaa1129a3a6f0 | |
| parent | 1c3f63b97d37ac2259467cca471c70c6e51f467a (diff) | |
| download | gnutls-d223040e498bd50a4b9e0aa493e78587ae1ed653.tar.gz | |
Fix broken debug check for GNUTLS-SA-2008-1.
| -rw-r--r-- | lib/gnutls_cipher.c | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 778402aaf5..4ee6201d99 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -459,15 +459,6 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - if (ciphertext.size < (unsigned) blocksize + hash_size) - { - _gnutls_record_log - ("REC[%x]: Short record length %d < %d + %d (under attack?)\n", - session, ciphertext.size, blocksize, hash_size); - gnutls_assert (); - return GNUTLS_E_DECRYPTION_FAILED; - } - /* actual decryption (inplace) */ switch (_gnutls_cipher_is_block @@ -521,6 +512,9 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, if ((int)pad > (int)ciphertext.size - hash_size) { gnutls_assert (); + _gnutls_record_log + ("REC[%x]: Short record length %d > %d - %d (under attack?)\n", + session, pad, ciphertext.size, hash_size); /* We do not fail here. We check below for the * the pad_failed. If zero means success. */ |