diff options
author | Daiki Ueno <dueno@redhat.com> | 2019-05-21 08:32:21 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-05-22 10:38:48 +0200 |
commit | 62ef33c0b97a36f370903d5e8717800ccb78f8cb (patch) | |
tree | e66a2dd24010fd6923c61bd2efddad2833da0c2c /lib | |
parent | 27ec82e781b3960693cd4550440ab7c1664553b8 (diff) | |
download | gnutls-62ef33c0b97a36f370903d5e8717800ccb78f8cb.tar.gz |
record_add_to_buffers: check if there is an incomplete handshake header
The function checks if a Handshake message is interleaved with an
Application Data, but the check was insuffient because it assumed that
a complete header is received in the buffer.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/record.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/record.c b/lib/record.c index 7d661e2309..e17bebacdf 100644 --- a/lib/record.c +++ b/lib/record.c @@ -824,7 +824,9 @@ record_add_to_buffers(gnutls_session_t session, /* application data cannot be inserted between (async) handshake * messages */ - if (type == GNUTLS_APPLICATION_DATA && session->internals.handshake_recv_buffer_size != 0) { + if (type == GNUTLS_APPLICATION_DATA && + (session->internals.handshake_recv_buffer_size != 0 || + session->internals.handshake_header_recv_buffer.length != 0)) { ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); goto unexpected_packet; } |