[gnutls-devel] GnuTLS | record_size_limit extension (!733)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Aug 20 10:30:09 CEST 2018


Daiki Ueno commented on a discussion on lib/ext/record_size_limit.c:

> +};
> +
> +static int
> +_gnutls_record_size_limit_recv_params(gnutls_session_t session,
> +				      const uint8_t * data, size_t _data_size)
> +{
> +	ssize_t new_size;
> +	ssize_t data_size = _data_size;
> +
> +	DECR_LEN(data_size, 2);
> +	new_size = _gnutls_read_uint16(data);
> +
> +	/* treat receipt of a smaller value as a fatal error */
> +	if (new_size < 64)
> +		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
> +
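
Review bot: the bare 64 in `if (new_size < 64)` is a magic number, and the comment above it paraphrases the requirement without naming where it comes from. A named constant (for example a hypothetical MIN_RECORD_SIZE_LIMIT) and a reference to RFC 8449 in the comment would make the bound auditable. Separately, the visible lines consume two bytes with `DECR_LEN(data_size, 2)` but never check that data_size is zero afterwards; unless the rest of the function rejects trailing bytes, that check belongs right after the read.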

Yes that makes sense; I chose 64 because it's defined in RFC8449:
```
Endpoints MUST NOT send a "record_size_limit" extension with a value smaller than 64.  An endpoint MUST treat receipt of a smaller value as a fatal error and generate an "illegal_parameter" alert.
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/733#note_95448555