diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-10-14 10:08:35 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-10-14 12:50:38 +0200 |
| commit | 9f69b1c4eb9bb7591a05646412d290b28c37b86b (patch) | |
| tree | 3cd1969b19d570e6edcabec2bcf98138e2ad73b2 | |
| parent | a7698b53df8b7d09600964a34417c5169b426c9e (diff) | |
| download | gnutls-9f69b1c4eb9bb7591a05646412d290b28c37b86b.tar.gz | |
record: disallow parsing of alert messages prior to session start
| -rw-r--r-- | lib/record.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/record.c b/lib/record.c index 69cd6c2871..e2921055d2 100644 --- a/lib/record.c +++ b/lib/record.c @@ -762,6 +762,12 @@ record_add_to_buffers(gnutls_session_t session, gnutls_alert_get_name((int) bufel->msg. data[1])); + if (!session->internals.initial_negotiation_completed && + session->internals.handshake_in_progress && STATE == STATE0) { /* handshake hasn't started */ + ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + goto unexpected_packet; + } + session->internals.last_alert = bufel->msg.data[1]; /* if close notify is received and @@ -778,7 +784,6 @@ record_add_to_buffers(gnutls_session_t session, /* if the alert is FATAL or WARNING * return the apropriate message */ - gnutls_assert(); ret = GNUTLS_E_WARNING_ALERT_RECEIVED; if (bufel->msg.data[0] == GNUTLS_AL_FATAL) { |