[gnutls-devel] GnuTLS | record_size_limit extension (!733)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Aug 20 13:30:31 CEST 2018


Nikos Mavrogiannopoulos started a new discussion on lib/ext/record_size_limit.c:

>  	new_size = _gnutls_read_uint16(data);
>  
>  	/* treat receipt of a smaller value as a fatal error */
> -	if (new_size < 64)
> +	if (new_size < MIN_RECORD_SIZE)
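
Review bot: The comment above `if (new_size < MIN_RECORD_SIZE)` still says only "a smaller value", and with the literal 64 gone the bound that triggers the fatal error is no longer stated anywhere in this hunk. If MIN_RECORD_SIZE is ever defined above the 64 it replaces, a peer offering a limit between 64 and that value is met with a fatal error instead of a tolerated offer. Consider keeping the fixed floor as its own named constant for the fatal-error check, naming that bound in the comment, and applying MIN_RECORD_SIZE as a separate local-policy check.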

What about doing:
```
/* protocol error */
if (new_size < 64)
        return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);

/* we do not want to accept sizes less than that */
if (new_size < MIN_RECORD_SIZE)
        return 0;
```
That way we will still allow clients making "legal" proposals, but we'll ignore them, right?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/733#note_95496625