author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-02-16 14:49:33 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-02-16 14:49:33 +0100 |
commit | 4a7d0ec7a82b50d395d4215b3d84d55651a3f9fa (patch) | |
tree | 4630e6c723887725eb46c7a235082d0549722ec0 /lib | |
parent | 784f5810c8b9cb2de2f12627b2fc7e048fcc3e79 (diff) | |
download | gnutls-4a7d0ec7a82b50d395d4215b3d84d55651a3f9fa.tar.gz |
Prevent any handshake packet except a client hello from triggering a rehandshake error. Patch by Sean Buckheister.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gnutls_record.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 6e4406a57a..acd44ae587 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -697,7 +697,8 @@ record_add_to_buffers (gnutls_session_t session,
       /* This is legal if HELLO_REQUEST is received - and we are a client.
        * If we are a server, a client may initiate a renegotiation at any time.
        */
-      if (session->security_parameters.entity == GNUTLS_SERVER)
+      if (session->security_parameters.entity == GNUTLS_SERVER &&
+          bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
         {
           gnutls_assert ();
           ret =
@@ -715,7 +716,8 @@ record_add_to_buffers (gnutls_session_t session,
        * since this message will never make it up here.
        */
 
-      /* So we accept it */
+      /* So we accept it, if it is a Hello. If not, this will
+       * fail and trigger flight retransmissions after some time. */
       ret = _gnutls_recv_hello_request (session, bufel->msg.data,
                                         bufel->msg.size);
       goto unexpected_packet;
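Review bot: The comment kept above the new condition (`* If we are a server, a client may initiate a renegotiation at any time.`) no longer matches the code, which now lets only a ClientHello from the client reach the no_renegotiation alert and GNUTLS_E_REHANDSHAKE return; any other handshake type from an unauthenticated peer falls through to the `_gnutls_recv_hello_request` call in the second hunk instead of being reported to the application as a renegotiation request. The check also relies on `bufel->htype` being populated for every handshake record that reaches this point; if it is filled only from the first handshake header of a record, a later fragment of a fragmented ClientHello would presumably be rejected too, which is worth confirming against the code that fills `bufel`. I would update the comment to `* If we are a server, only a ClientHello may start a renegotiation; any other handshake message is rejected further down.`. record_add_to_buffers starts before and continues after this hunk.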
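Review bot: The new comment describes only the DTLS outcome (`trigger flight retransmissions after some time`); under stream TLS there is no retransmission, so a server that receives a non-ClientHello handshake message here presumably gets whatever error `_gnutls_recv_hello_request` returns and should treat it as a protocol violation, not something that resolves by itself. "this will fail" also depends on `_gnutls_recv_hello_request`, which is outside this hunk, rejecting everything that is not a HelloRequest on the client and everything on the server; if that function ever accepts more, the server-side fall-through silently widens. I would reword it as `/* So we accept it (client: a HelloRequest). Anything else, including non-ClientHello handshake messages on the server, is expected to make _gnutls_recv_hello_request fail; under DTLS that eventually triggers flight retransmission, under TLS the error reaches the caller. */`. record_add_to_buffers continues after this hunk.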