Enforce the DEFAULT_MAX_VERIFY_BITS for DH prime size as well.

Conflicts:
	lib/auth/dh_common.c

1 files changed, 13 insertions, 2 deletions

diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 1efb4a2771..7257a61857 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -203,7 +203,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 	uint8_t *data_p;
 	uint8_t *data_g;
 	uint8_t *data_Y;
-	int i, bits, ret;
+	int i, bits, ret, p_bits;
 	ssize_t data_size = _data_size;
 
 	i = 0;
@@ -255,7 +255,8 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 		return bits;
 	}
 
-	if (_gnutls_mpi_get_nbits(session->key.client_p) < (size_t) bits) {
+	p_bits = _gnutls_mpi_get_nbits(session->key.client_p);
+	if (p_bits < bits) {
 		/* the prime used by the peer is not acceptable
 		 */
 		gnutls_assert();
@@ -267,8 +268,18 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 		return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
 	}
 
+	if (p_bits >= DEFAULT_MAX_VERIFY_BITS) {
+		gnutls_assert();
+		_gnutls_debug_log
+		    ("Received a prime of %u bits, limit is %u\n",
+		     (unsigned) p_bits,
+		     (unsigned) DEFAULT_MAX_VERIFY_BITS);
+		return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
+	}
+
 	_gnutls_dh_set_group(session, session->key.client_g,
 			     session->key.client_p);
+
 	_gnutls_dh_set_peer_public(session, session->key.client_Y);
 
 	ret = n_Y + n_p + n_g + 6;