author | Daiki Ueno <dueno@redhat.com> | 2018-11-18 05:47:08 +0100 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2018-11-18 06:43:51 +0100 |
commit | 398ed4b42f80fd379fdc1b80cc3d02086894ed87 (patch) | |
tree | b64c68fe3ea4ddbe8ec35ee31a048f053bf3ba9e | |
parent | 92dd7f62a42094cfe7177c7191c12711494c86a0 (diff) | |
record: gnutls_record_send_early_data: check the upper limit
Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r-- | lib/record.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/record.c b/lib/record.c
index 5514ddcef1..19f5b52282 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -52,6 +52,7 @@
 #include <dtls.h>
 #include <dh.h>
 #include <random.h>
+#include <xsize.h>
 struct tls_record_st {
 uint16_t header_size;
@@ -2041,7 +2042,9 @@ gnutls_record_send2(gnutls_session_t session, const void *data,
 * as gnutls_record_send().
 *
 * There may be a limit to the amount of data sent as early data. Use
- * gnutls_record_get_max_early_data_size() to check the limit.
+ * gnutls_record_get_max_early_data_size() to check the limit. If the
+ * limit exceeds, this function returns
+ * %GNUTLS_E_RECORD_LIMIT_REACHED.
 *
 * Returns: The number of bytes sent, or a negative error code. The
 * number of bytes sent might be less than @data_size. The maximum
@@ -2059,6 +2062,12 @@ ssize_t gnutls_record_send_early_data(gnutls_session_t session,
 if (session->security_parameters.entity != GNUTLS_CLIENT)
 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (xsum(session->internals.
+ early_data_presend_buffer.length,
+ data_size) >
+ session->security_parameters.max_early_data_size)
+ return gnutls_assert_val(GNUTLS_E_RECORD_LIMIT_REACHED);
+
 ret = _gnutls_buffer_append_data(&session->internals.
 early_data_presend_buffer, data, |
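Review bot: The sentence added to the doc comment of gnutls_record_send_early_data(), "If the limit exceeds", is ungrammatical and does not say that nothing is queued when the error is returned. Something like `If the already buffered data plus @data_size would exceed the limit, nothing is queued and this function returns %GNUTLS_E_RECORD_LIMIT_REACHED.` states the contract a caller needs. The Returns: paragraph just below still says the number of bytes sent might be less than @data_size, which could be read as a partial send in this case. The comment block starts and ends outside the hunk.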
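Review bot: The limit check added to gnutls_record_send_early_data() has no test, since the commit touches only lib/record.c; the boundary cases worth covering are a total exactly at the limit, one byte over, and a `data_size` near SIZE_MAX where `xsum()` saturates. A short comment above the condition would also help the next reader, e.g. `/* xsum() saturates on overflow, so an oversized data_size cannot wrap below the limit */`. It is not visible here whether `security_parameters.max_early_data_size` on the client holds the value the server advertised with the ticket or a local default; this is worth confirming, because the server's value is the one that has to be enforced before data is buffered. The function body starts and ends outside the hunk.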