diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-07-26 17:08:19 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-07-26 17:08:19 +0200 |
| commit | 1c81935ffc40d01403243f6ad9c65e4bbc8a0e96 (patch) | |
| tree | 91c2150d11956dffcbb3615d67c9d488d8d030be | |
| parent | 6f7cccba2d32f5ad3ee09cf426857183020d9203 (diff) | |
| download | gnutls-1c81935ffc40d01403243f6ad9c65e4bbc8a0e96.tar.gz | |
When in compatibility mode allow for larger record sizes than the maximum.
| -rw-r--r-- | lib/gnutls_cipher.c | 6 | ||||
| -rw-r--r-- | lib/gnutls_record.c | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 198cb34d15..3caa5aca9d 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session, return gnutls_assert_val(ret); if (unlikely((unsigned)length_to_decrypt > compressed->size)) - return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + { + _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n", + (unsigned int)length_to_decrypt, (unsigned int)compressed->size); + return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + } ret = _gnutls_auth_cipher_decrypt2 (¶ms->read.cipher_state, diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 993ddb912e..4795711aab 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -1193,8 +1193,8 @@ begin: /* We allocate the maximum possible to allow few compressed bytes to expand to a * full record. */ - decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session), - MAX_RECORD_RECV_SIZE(session)); + t.size = _gnutls_get_max_decrypted_data(session); + decrypted = _mbuffer_alloc(t.size, t.size); if (decrypted == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); |