From 5c5ec8517a8f431dc8d1d4cd92c76573d8938e00 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 22 May 2014 09:21:20 +0200 Subject: When assigning the TLS version, double check that it is valid. --- lib/gnutls_handshake.c | 14 +++++++++----- lib/gnutls_int.h | 13 +++++++++---- lib/gnutls_priority.c | 12 ++++++++---- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index febfee9176..e5279bee5b 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -168,10 +168,11 @@ static int resume_copy_required_values(gnutls_session_t session) NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - _gnutls_set_current_version(session, + if (_gnutls_set_current_version(session, session->internals. resumed_security_parameters.pversion-> - id); + id) < 0) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); session->security_parameters.cert_type = session->internals.resumed_security_parameters.cert_type; @@ -419,7 +420,8 @@ _gnutls_negotiate_version(gnutls_session_t session, ret = adv_version; } - _gnutls_set_current_version(session, ret); + if (_gnutls_set_current_version(session, ret) < 0) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); return ret; } @@ -1726,7 +1728,8 @@ _gnutls_read_server_hello(gnutls_session_t session, gnutls_assert(); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } else { - _gnutls_set_current_version(session, version); + if (_gnutls_set_current_version(session, version) < 0) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); } pos += 2; @@ -1957,7 +1960,8 @@ static int _gnutls_send_client_hello(gnutls_session_t session, int again) * (RSA uses it). */ set_adv_version(session, hver->major, hver->minor); - _gnutls_set_current_version(session, hver->id); + if (_gnutls_set_current_version(session, hver->id) < 0) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); if (session->internals.priorities.ssl3_record_version != 0) { /* Advertize the SSL 3.0 record packet version in diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index a7157540ff..f51d219ee2 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1021,16 +1021,21 @@ inline static unsigned get_num_version(gnutls_session_t session) return GNUTLS_VERSION_UNKNOWN; } -#define _gnutls_set_current_version(s, v) { \ - s->security_parameters.pversion = version_to_entry(v); \ - } - #define timespec_sub_ms _gnutls_timespec_sub_ms unsigned int /* returns a-b in ms */ timespec_sub_ms(struct timespec *a, struct timespec *b); #include +inline static int _gnutls_set_current_version(gnutls_session_t s, unsigned v) +{ + s->security_parameters.pversion = version_to_entry(v); + if (s->security_parameters.pversion == NULL) { + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; + } + return 0; +} + inline static size_t max_user_send_size(gnutls_session_t session, record_parameters_st * record_params) diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 4658fffbac..4e8eddf550 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -196,7 +196,8 @@ int gnutls_protocol_set_priority(gnutls_session_t session, const int *list) /* set the current version to the first in the chain. * This will be overridden later. */ - _gnutls_set_current_version(session, list[0]); + if (_gnutls_set_current_version(session, list[0]) < 0) + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); } return 0; @@ -573,10 +574,13 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority) /* set the current version to the first in the chain. * This will be overridden later. */ - if (session->internals.priorities.protocol.algorithms > 0) - _gnutls_set_current_version(session, + if (session->internals.priorities.protocol.algorithms > 0) { + if (_gnutls_set_current_version(session, session->internals.priorities. - protocol.priority[0]); + protocol.priority[0]) < 0) { + return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + } + } if (session->internals.priorities.protocol.algorithms == 0 || session->internals.priorities.cipher.algorithms == 0 || -- cgit v1.2.1