From c3d37da69d481cc85dd063d0f6d2af67778c4e37 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Tue, 21 May 2019 08:32:21 +0200
Subject: record_add_to_buffers: check if there is an incomplete handshake header
The function checks if a Handshake message is interleaved with an Application Data, but the check was insuffient because it assumed that a complete header is received in the buffer. This should also fix (1) of #699.
Signed-off-by: Daiki Ueno
---
 lib/record.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/record.c b/lib/record.c
index 7d661e2309..e17bebacdf 100644
--- lib/record.c
+++ lib/record.c
@@ -824,7 +824,9 @@ record_add_to_buffers(gnutls_session_t session,
 /* application data cannot be inserted between (async) handshake
 * messages */
- if (type == GNUTLS_APPLICATION_DATA && session->internals.handshake_recv_buffer_size != 0) {
+ if (type == GNUTLS_APPLICATION_DATA &&
+ (session->internals.handshake_recv_buffer_size != 0 ||
+ session->internals.handshake_header_recv_buffer.length != 0)) {
 ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
 goto unexpected_packet;
 }
--
cgit v1.2.1
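Review bot: The comment above the widened condition still only says that application data cannot be inserted between handshake messages, and does not explain why two separate pieces of state are now tested. Going by the commit message, `handshake_header_recv_buffer.length != 0` covers a handshake header that has only partly arrived, which `handshake_recv_buffer_size` alone does not reflect; I would extend the comment with something like `/* a non-empty header buffer means a handshake message has begun but its header is still incomplete */`. The check remains limited to `type == GNUTLS_APPLICATION_DATA`; if this path serves TLS 1.3, RFC 8446 section 5.1 forbids any other record type between fragments of a handshake message, so it is worth confirming that other record types arriving in this state are rejected elsewhere, which cannot be seen from this hunk. The diffstat shows only lib/record.c changed, so a regression test that delivers a truncated handshake header followed by an application data record and expects `GNUTLS_E_UNEXPECTED_PACKET` would pin the fix. The enclosing function starts and ends outside the hunk.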