From f3a6c12fb06c0b7f3e54b210cafae79ca3476c08 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Wed, 14 Nov 2007 07:47:51 +0200
Subject: Corrected bug in decompression of expanded compression data.

---
 NEWS                  |  2 ++
 lib/gnutls_cipher.c   |  8 ++++----
 lib/gnutls_compress.c | 10 +++++-----
 lib/gnutls_compress.h |  4 ++--
 lib/gnutls_record.c   | 12 +++++++++---
 5 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/NEWS b/NEWS
index 6ac4fae377..87490c37cb 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ See the end for copying conditions.
 
 * Version 2.1.6 (unreleased)
 
+** Corrected bug in decompression of expanded compression data.
+
 ** Added the --to-p8 option to certtool to convert private keys
 to PKCS #8 keys.
 
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 2f7df00144..0032b1423c 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -91,7 +91,7 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
       /* Here comp is allocated and must be 
        * freed.
        */
-      ret = _gnutls_m_plaintext2compressed (session, &comp, plain);
+      ret = _gnutls_m_plaintext2compressed (session, &comp, &plain);
       if (ret < 0)
 	{
 	  gnutls_assert ();
@@ -160,20 +160,20 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
 
       gcomp.data = data;
       gcomp.size = ret;
-      ret = _gnutls_m_compressed2plaintext (session, &gtxt, gcomp);
+      ret = _gnutls_m_compressed2plaintext (session, &gtxt, &gcomp);
       if (ret < 0)
 	{
 	  return ret;
 	}
 
-      if (gtxt.size > max_data_size)
+      if (gtxt.size > MAX_RECORD_RECV_SIZE)
 	{
 	  gnutls_assert ();
 	  _gnutls_free_datum (&gtxt);
 	  /* This shouldn't have happen and
 	   * is a TLS fatal error.
 	   */
-	  return GNUTLS_E_INTERNAL_ERROR;
+	  return GNUTLS_E_DECOMPRESSION_FAILED;
 	}
 
       memcpy (data, gtxt.data, gtxt.size);
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 51484f6415..32b263b9ee 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -36,14 +36,14 @@
 int
 _gnutls_m_plaintext2compressed (gnutls_session_t session,
 				gnutls_datum_t * compressed,
-				gnutls_datum_t plaintext)
+				const gnutls_datum_t* plaintext)
 {
   int size;
   opaque *data;
 
   size =
     _gnutls_compress (session->connection_state.write_compression_state,
-		      plaintext.data, plaintext.size, &data,
+		      plaintext->data, plaintext->size, &data,
 		      MAX_RECORD_SEND_SIZE + 1024);
   if (size < 0)
     {
@@ -59,15 +59,15 @@ _gnutls_m_plaintext2compressed (gnutls_session_t session,
 int
 _gnutls_m_compressed2plaintext (gnutls_session_t session,
 				gnutls_datum_t * plain,
-				gnutls_datum_t compressed)
+				const gnutls_datum_t* compressed)
 {
   int size;
   opaque *data;
 
   size =
     _gnutls_decompress (session->connection_state.
-			read_compression_state, compressed.data,
-			compressed.size, &data, MAX_RECORD_RECV_SIZE);
+			read_compression_state, compressed->data,
+			compressed->size, &data, MAX_RECORD_RECV_SIZE);
   if (size < 0)
     {
       gnutls_assert ();
diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h
index 5934e12aa5..44666321b0 100644
--- a/lib/gnutls_compress.h
+++ b/lib/gnutls_compress.h
@@ -24,7 +24,7 @@
 
 int _gnutls_m_plaintext2compressed (gnutls_session_t session,
 				    gnutls_datum_t * compressed,
-				    gnutls_datum_t plaintext);
+				    const gnutls_datum_t *plaintext);
 int _gnutls_m_compressed2plaintext (gnutls_session_t session,
 				    gnutls_datum_t * plain,
-				    gnutls_datum_t compressed);
+				    const gnutls_datum_t* compressed);
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index cf904f492d..4648618746 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -788,13 +788,19 @@ record_check_type (gnutls_session_t session,
 inline static int
 get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp)
 {
+size_t max_record_size;
+
+  if (gnutls_compression_get(session) != GNUTLS_COMP_NULL)
+    max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE;
+  else
+    max_record_size = MAX_RECORD_RECV_SIZE;
 
   /* We allocate MAX_RECORD_RECV_SIZE length
    * because we cannot predict the output data by the record
    * packet length (due to compression).
    */
 
-  if (MAX_RECORD_RECV_SIZE > session->internals.recv_buffer.size ||
+  if (max_record_size > session->internals.recv_buffer.size ||
       session->internals.recv_buffer.data == NULL)
     {
 
@@ -802,7 +808,7 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp)
        */
       session->internals.recv_buffer.data =
 	gnutls_realloc (session->internals.recv_buffer.data,
-			MAX_RECORD_RECV_SIZE);
+			max_record_size);
 
       if (session->internals.recv_buffer.data == NULL)
 	{
@@ -810,7 +816,7 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp)
 	  return GNUTLS_E_MEMORY_ERROR;
 	}
 
-      session->internals.recv_buffer.size = MAX_RECORD_RECV_SIZE;
+      session->internals.recv_buffer.size = max_record_size;
     }
 
   tmp->data = session->internals.recv_buffer.data;
-- 
cgit v1.2.1