forked from pool/gnutls
32 lines
1.2 KiB
Diff
32 lines
1.2 KiB
Diff
|
Index: gnutls-3.0.3/lib/gnutls_cipher.c
|
||
|
|
===================================================================
|
||
|
|
--- gnutls-3.0.3.orig/lib/gnutls_cipher.c
|
||
|
|
+++ gnutls-3.0.3/lib/gnutls_cipher.c
|
||
|
|
@@ -502,7 +502,7 @@ ciphertext_to_compressed (gnutls_session
|
||
|
|
|
||
|
|
break;
|
||
|
|
case CIPHER_BLOCK:
|
||
|
|
- if (ciphertext->size < MAX(blocksize, tag_size) || (ciphertext->size % blocksize != 0))
|
||
|
|
+ if (ciphertext->size < blocksize || (ciphertext->size % blocksize != 0))
|
||
|
|
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
||
|
|
|
||
|
|
/* ignore the IV in TLS 1.1+
|
||
|
|
@@ -514,14 +514,11 @@ ciphertext_to_compressed (gnutls_session
|
||
|
|
|
||
|
|
ciphertext->size -= blocksize;
|
||
|
|
ciphertext->data += blocksize;
|
||
|
|
-
|
||
|
|
- if (ciphertext->size == 0)
|
||
|
|
- {
|
||
|
|
- gnutls_assert ();
|
||
|
|
- return GNUTLS_E_DECRYPTION_FAILED;
|
||
|
|
- }
|
||
|
|
}
|
||
|
|
|
||
|
|
+ if (ciphertext->size < tag_size)
|
||
|
|
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
|
||
|
|
+
|
||
|
|
/* we don't use the auth_cipher interface here, since
|
||
|
|
* TLS with block ciphers is impossible to be used under such
|
||
|
|
* an API. (the length of plaintext is required to calculate
|