[gnutls-devel] GnuTLS | Fix issues in record_size_limit extension handling (!879)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Feb 8 16:14:26 CET 2019


Daiki Ueno commented on a discussion on lib/ext/record_size_limit.c:

> +	/* we do not want to accept sizes outside of our supported range */
> +	if (new_size < MIN_RECORD_SIZE) {
> +		/* for server, reject it by omitting the extension in the reply */
> +		if (session->security_parameters.entity == GNUTLS_SERVER)
> +			return gnutls_assert_val(0);
> +		else
> +			return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
> +	}
>  
>  	session->internals.hsk_flags |= HSK_RECORD_SIZE_LIMIT_NEGOTIATED;
>  
> -	session->security_parameters.max_record_recv_size = new_size;
> +	_gnutls_handshake_log("EXT[%p]: record_size_limit %u negotiated\n",
> +			      session, (unsigned)new_size);
> +
> +	session->security_parameters.max_record_recv_size =

The size is checked against plaintext if I understand correctly.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/879#note_139607805
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190208/054771e0/attachment-0001.html>


More information about the Gnutls-devel mailing list