diff options
| author | Martin Willi <martin@revosec.ch> | 2010-09-06 17:04:59 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2010-09-06 17:04:59 +0200 |
| commit | fe559b5156519c2b03ad8b64b4e9b5c52d9be121 (patch) | |
| tree | 00bac713b9126a8826b3652d4b9516726804e54d /src/libtls/tls_protection.c | |
| parent | adb913adeb3788be259a8b4ecbba1df92303972b (diff) | |
| download | strongswan-fe559b5156519c2b03ad8b64b4e9b5c52d9be121.tar.bz2 strongswan-fe559b5156519c2b03ad8b64b4e9b5c52d9be121.tar.xz | |
Accept TLS records with zero-length plaintext
Diffstat (limited to 'src/libtls/tls_protection.c')
| -rw-r--r-- | src/libtls/tls_protection.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c index 574e69167..d823bae04 100644 --- a/src/libtls/tls_protection.c +++ b/src/libtls/tls_protection.c @@ -168,7 +168,7 @@ METHOD(tls_protection_t, process, status_t, u_int8_t bs; bs = this->signer_in->get_block_size(this->signer_in); - if (data.len <= bs) + if (data.len < bs) { DBG1(DBG_TLS, "TLS record too short to verify MAC"); this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC); |