author | Martin Willi <martin@revosec.ch> | 2010-09-06 10:55:15 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-09-06 15:37:51 +0200 |
commit | 0f89143b841faf78b33619cad93b93a381b49c90 (patch) | |
tree | bba4130ddbc0b142419260331dea3af0fe3be9c7 /src/libtls/tls_server.c | |
parent | 6cf85b35a41a18f3c316ceddd045d4672dfef8d3 (diff) | |
Parse unsupported TLS Hello extensions properly
Diffstat (limited to 'src/libtls/tls_server.c')
-rw-r--r-- | src/libtls/tls_server.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index aa371c30a..e6cce311c 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -220,29 +220,25 @@ static status_t process_client_hello(private_tls_server_t *this,
 extensions = tls_reader_create(ext);
 while (extensions->remaining(extensions))
 {
- if (!extensions->read_uint16(extensions, &extension))
+ if (!extensions->read_uint16(extensions, &extension) ||
+ !extensions->read_data16(extensions, &ext))
 {
 DBG1(DBG_TLS, "received invalid ClientHello Extensions");
 this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
 extensions->destroy(extensions);
 return NEED_MORE;
 }
- DBG1(DBG_TLS, "received TLS %N extension",
+ DBG1(DBG_TLS, "received TLS '%N' extension",
 tls_extension_names, extension);
+ DBG3(DBG_TLS, "%B", &ext);
 switch (extension)
 {
 case TLS_EXT_SIGNATURE_ALGORITHMS:
- if (extensions->read_data16(extensions, &ext))
- {
- this->hashsig = chunk_clone(ext);
- }
+ this->hashsig = chunk_clone(ext);
 break;
 case TLS_EXT_ELLIPTIC_CURVES:
 this->curves_received = TRUE;
- if (extensions->read_data16(extensions, &ext))
- {
- this->curves = chunk_clone(ext);
- }
+ this->curves = chunk_clone(ext);
 break;
 default:
 break; |
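Review bot: The `TLS_EXT_SIGNATURE_ALGORITHMS` and `TLS_EXT_ELLIPTIC_CURVES` cases assign `chunk_clone(ext)` unconditionally inside the `while` loop, so a ClientHello that repeats either extension overwrites the earlier clone without freeing it. Nothing in this hunk rejects a repeated extension type, which RFC 5246 forbids, so the peer decides how many times the allocation is replaced within one message. Either treat a second occurrence as a decode error like the failure branch above, or release the old value first, e.g. `chunk_free(&this->hashsig);` before `this->hashsig = chunk_clone(ext);` and likewise for `this->curves`. process_client_hello begins and ends outside the hunk, so whether these fields are cleared elsewhere cannot be confirmed from here.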