diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-09-16 14:03:54 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-19 10:33:27 +0200 |
| commit | 0332c32477f9d5821eb4c4b9a7f065bdf3755c50 (patch) | |
| tree | 1e611f2964b0e42b48b47f6b5f4d265c83d9d53a | |
| parent | f2eb8ac0ebad1d67795ee3151cf3516816781f9f (diff) | |
| download | gnutls-0332c32477f9d5821eb4c4b9a7f065bdf3755c50.tar.gz | |
ecdh: return more appropriate error code on empty packet
This makes tlsfuzzer's test-x25519 detect the right error
code on empty message. Previously this issue was masked by our
refusal to accept 1-byte sized fragments.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| -rw-r--r-- | lib/auth/ecdhe.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c index 909e472dc0..cd0494eac2 100644 --- a/lib/auth/ecdhe.c +++ b/lib/auth/ecdhe.c @@ -151,6 +151,11 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, point_size = data[i]; i += 1; + if (point_size == 0) { + ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + goto cleanup; + } + DECR_LEN(data_size, point_size); if (ecurve->pk == GNUTLS_PK_EC) { |