authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-05-22 09:21:20 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-05-22 09:22:54 +0200
commit5c5ec8517a8f431dc8d1d4cd92c76573d8938e00 (patch)
treed3c27a0b4ce0eb099280908f046e0206c746078c
parente498c6fba94b6079e1f0cb48daa7b19dc4f07312 (diff)
When assigning the TLS version, double check that it is valid.
-rw-r--r--lib/gnutls_handshake.c14
-rw-r--r--lib/gnutls_int.h13
-rw-r--r--lib/gnutls_priority.c12
3 files changed, 26 insertions, 13 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index febfee9176..e5279bee5b 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -168,10 +168,11 @@ static int resume_copy_required_values(gnutls_session_t session)
NULL)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- _gnutls_set_current_version(session,
+ if (_gnutls_set_current_version(session,
session->internals.
resumed_security_parameters.pversion->
- id);
+ id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
session->security_parameters.cert_type =
session->internals.resumed_security_parameters.cert_type;
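Review bot: The helper's own return code is discarded here and replaced by a hard-coded GNUTLS_E_UNSUPPORTED_VERSION_PACKET, and every other call site in this commit does the same (the three later hunks in this file and both hunks in gnutls_priority.c). Propagating it through a local, `ret = _gnutls_set_current_version(session, ...);` followed by `if (ret < 0) return gnutls_assert_val(ret);`, keeps the error code defined in one place, so a later change to the helper is not masked by its callers. At this site the version id comes from the stored resumption parameters rather than from a received packet, so a failure looks more like the internal-error case handled just above. The function body starts and ends outside the hunk.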
@@ -419,7 +420,8 @@ _gnutls_negotiate_version(gnutls_session_t session,
ret = adv_version;
}
- _gnutls_set_current_version(session, ret);
+ if (_gnutls_set_current_version(session, ret) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
return ret;
}
@@ -1726,7 +1728,8 @@ _gnutls_read_server_hello(gnutls_session_t session,
gnutls_assert();
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
} else {
- _gnutls_set_current_version(session, version);
+ if (_gnutls_set_current_version(session, version) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
}
pos += 2;
@@ -1957,7 +1960,8 @@ static int _gnutls_send_client_hello(gnutls_session_t session, int again)
* (RSA uses it).
*/
set_adv_version(session, hver->major, hver->minor);
- _gnutls_set_current_version(session, hver->id);
+ if (_gnutls_set_current_version(session, hver->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
if (session->internals.priorities.ssl3_record_version != 0) {
/* Advertize the SSL 3.0 record packet version in
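Review bot: The added `return` leaves _gnutls_send_client_hello part-way through building the hello, after `set_adv_version()` has already updated the session. The function starts outside this hunk, so it is not visible whether a handshake buffer or other resource has been acquired by this point. If one has, this path must release it, or go through the function's existing cleanup path, instead of returning directly. Validating the version before the `set_adv_version()` call would also leave the advertised version untouched on failure.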
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index a7157540ff..f51d219ee2 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1021,16 +1021,21 @@ inline static unsigned get_num_version(gnutls_session_t session)
return GNUTLS_VERSION_UNKNOWN;
}
-#define _gnutls_set_current_version(s, v) { \
- s->security_parameters.pversion = version_to_entry(v); \
- }
-
#define timespec_sub_ms _gnutls_timespec_sub_ms
unsigned int
/* returns a-b in ms */
timespec_sub_ms(struct timespec *a, struct timespec *b);
#include <algorithms.h>
+inline static int _gnutls_set_current_version(gnutls_session_t s, unsigned v)
+{
+ s->security_parameters.pversion = version_to_entry(v);
+ if (s->security_parameters.pversion == NULL) {
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ return 0;
+}
+
inline static size_t max_user_send_size(gnutls_session_t session,
record_parameters_st *
record_params)
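Review bot: The new helper stores the lookup result in `s->security_parameters.pversion` before testing it, so a rejected version still overwrites the previously valid entry with NULL. Any later code that dereferences pversion on that session, for example when a caller ignores or recovers from the error, then reads a null pointer. Assign only after the check, using the type that version_to_entry returns (version_entry_st, as far as I can tell): `const version_entry_st *e = version_to_entry(v);`, `if (e == NULL) return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;`, `s->security_parameters.pversion = e;`. A short comment above the function should state that it returns 0 or a negative error code and leaves the session unchanged on failure, since it replaces a macro whose result callers never had to check.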
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 4658fffbac..4e8eddf550 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -196,7 +196,8 @@ int gnutls_protocol_set_priority(gnutls_session_t session, const int *list)
/* set the current version to the first in the chain.
* This will be overridden later.
*/
- _gnutls_set_current_version(session, list[0]);
+ if (_gnutls_set_current_version(session, list[0]) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
}
return 0;
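Review bot: GNUTLS_E_UNSUPPORTED_VERSION_PACKET describes a bad version in a received packet, but the value rejected here is `list[0]` from the caller's own priority list, so an application gets a misleading error. `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` would fit a bad argument better. The failure is also reported only after the code above the hunk has run, which presumably already stored the list, so the session may be left with the new priorities and no current version; that is worth confirming against the full function. The doc comment of this public function, which is outside the hunk, should say that it can now fail. The same points apply to gnutls_priority_set in the next hunk.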
@@ -573,10 +574,13 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
/* set the current version to the first in the chain.
* This will be overridden later.
*/
- if (session->internals.priorities.protocol.algorithms > 0)
- _gnutls_set_current_version(session,
+ if (session->internals.priorities.protocol.algorithms > 0) {
+ if (_gnutls_set_current_version(session,
session->internals.priorities.
- protocol.priority[0]);
+ protocol.priority[0]) < 0) {
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
+ }
+ }
if (session->internals.priorities.protocol.algorithms == 0 ||
session->internals.priorities.cipher.algorithms == 0 ||