authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-06-14 13:09:44 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-06-14 16:07:49 +0200
commitc4b57158cf2142cc04c667aae4133d5a9dbb0024 (patch)
treec7e43801330017deb5073022cdc8b64ed5fa3c09
parente953c670f242f7fd858b34977999e908d1ab26e6 (diff)
downloadgnutls-c4b57158cf2142cc04c667aae4133d5a9dbb0024.tar.gz
TLS extensions: added duplicate extension check on server side
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/extensions.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/lib/extensions.c b/lib/extensions.c
index 2042583737..e232d89e0c 100644
--- a/lib/extensions.c
+++ b/lib/extensions.c
@@ -179,24 +179,36 @@ _gnutls_extension_list_check(gnutls_session_t session, uint16_t type)
*
* In server side, this list is used to ensure we don't send
* extensions that we didn't receive a corresponding value.
+ *
+ * Returns zero if failed, non-zero on success.
*/
-static void _gnutls_extension_list_add(gnutls_session_t session, const struct extension_entry_st *e)
+static unsigned _gnutls_extension_list_add(gnutls_session_t session, const struct extension_entry_st *e, unsigned check_dup)
{
+ unsigned i;
+
+ if (check_dup) {
+ for (i=0;i<session->internals.used_exts_size;i++) {
+ if (session->internals.used_exts[i]->type == e->type)
+ return 0;
+ }
+ }
if (session->internals.used_exts_size < MAX_EXT_TYPES) {
session->internals.used_exts[session->
internals.used_exts_size]
= e;
session->internals.used_exts_size++;
+ return 1;
} else {
_gnutls_handshake_log
("extensions: Increase MAX_EXT_TYPES\n");
+ return 0;
}
}
void _gnutls_extension_list_add_sr(gnutls_session_t session)
{
- _gnutls_extension_list_add(session, &ext_mod_sr);
+ _gnutls_extension_list_add(session, &ext_mod_sr, 1);
}
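Review bot: `_gnutls_extension_list_add` now returns 0 both when `check_dup` finds the type already present and when `used_exts` is full, so the caller in `_gnutls_parse_extensions` reports a local table limit as `GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION`. The second case is a build-time limit (the log line says to increase `MAX_EXT_TYPES`), not a peer fault, and conflating the two makes a rejected handshake harder to triage. Consider returning distinct values for the two failures and extending the header comment to `Returns zero if the type is already listed (when check_dup is set) or the list is full, non-zero on success.` The calls in `_gnutls_extension_list_add_sr` and `send_extension` discard the result, so a full list there is still visible only in the handshake log; a short comment at each saying that is deliberate would help.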
@@ -272,9 +284,10 @@ _gnutls_parse_extensions(gnutls_session_t session,
continue;
}
- /* only store the extension number if we support it */
if (session->security_parameters.entity == GNUTLS_SERVER) {
- _gnutls_extension_list_add(session, ext);
+ ret = _gnutls_extension_list_add(session, ext, 1);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
}
_gnutls_handshake_log
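Review bot: The duplicate check only sees extensions that reach this call, and the `continue` just above it (its condition is outside the hunk) appears to skip types the server does not handle, so a ClientHello repeating such a type would presumably still be accepted. If rejection of every repeated type is intended, the seen-type tracking has to happen before that `continue`. Otherwise the comment this commit removes should be replaced rather than dropped, for example `/* reject a repeated extension; only types we support are tracked */`. `_gnutls_parse_extensions` starts and ends outside the hunk, so the surrounding loop could not be checked.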
@@ -346,7 +359,7 @@ int send_extension(gnutls_session_t session, const extension_entry_st *p,
/* add this extension to the extension list
*/
if (session->security_parameters.entity == GNUTLS_CLIENT)
- _gnutls_extension_list_add(session, p);
+ _gnutls_extension_list_add(session, p, 0);
_gnutls_handshake_log
("EXT[%p]: Sending extension %s (%d bytes)\n",