authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-02-16 14:49:33 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-02-16 14:49:33 +0100
commit4a7d0ec7a82b50d395d4215b3d84d55651a3f9fa (patch)
tree4630e6c723887725eb46c7a235082d0549722ec0
parent784f5810c8b9cb2de2f12627b2fc7e048fcc3e79 (diff)
downloadgnutls-4a7d0ec7a82b50d395d4215b3d84d55651a3f9fa.tar.gz
Prevent any handshake packet except client hello from triggering a rehandshake error. Patch by Sean Buckheister.
-rw-r--r--lib/gnutls_record.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 6e4406a57a..acd44ae587 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -697,7 +697,8 @@ record_add_to_buffers (gnutls_session_t session,
/* This is legal if HELLO_REQUEST is received - and we are a client.
* If we are a server, a client may initiate a renegotiation at any time.
*/
- if (session->security_parameters.entity == GNUTLS_SERVER)
+ if (session->security_parameters.entity == GNUTLS_SERVER &&
+ bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
{
gnutls_assert ();
ret =
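Review bot: The comment just above the changed condition still says a client "may initiate a renegotiation at any time", while the new condition only treats a CLIENT_HELLO as that request, so the comment should be updated to match, e.g. `* If we are a server, only a CLIENT_HELLO from the peer may initiate a renegotiation; any other handshake type falls through to the hello-request path below and is rejected there.` Narrowing the check is the right direction from a hardening standpoint: a stray handshake record of some other type arriving mid-connection no longer surfaces to the application as a rehandshake request but is handled as an unexpected packet, as the second hunk's comment suggests. Whether the fall-through path actually rejects a non-hello message in the TLS (non-DTLS) case is not visible in this hunk and is worth confirming with a test that feeds such a record to the server side. record_add_to_buffers begins before the hunk and its body continues past it.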
@@ -715,7 +716,8 @@ record_add_to_buffers (gnutls_session_t session,
* since this message will never make it up here.
*/
- /* So we accept it */
+ /* So we accept it, if it is a Hello. If not, this will
+ * fail and trigger flight retransmissions after some time. */
ret = _gnutls_recv_hello_request (session, bufel->msg.data, bufel->msg.size);
goto unexpected_packet;