author | lloyd <[email protected]> | 2010-03-30 17:37:02 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-30 17:37:02 +0000 |
commit | 4926c94a69c93379e5fccad595f158b73933c5d4 (patch) | |
tree | b7b45666a8f4432a1cebc92b4a9b684870020030 | |
parent | 23af33bedd546c24d17941a51912cfeac0150491 (diff) |
Instead of just discarding the extension size, confirm that the
claimed length matches the length of the data left in the client hello
packet.
-rw-r--r-- | src/ssl/hello.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp
index 5c3b561ec..a23d51c24 100644
--- a/src/ssl/hello.cpp
+++ b/src/ssl/hello.cpp
@@ -130,7 +130,10 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
 if(reader.has_remaining())
 {
- reader.discard_next(2); // the extension size; we just read to end
+ const u16bit all_extn_size = reader.get_u16bit();
+
+ if(reader.remaining_bytes() != all_extn_size)
+ throw Decoding_Error("Client_Hello: Bad extension size");
 while(reader.has_remaining())
 { |
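Review bot: The added equality check validates only the outer extensions length. The `while(reader.has_remaining())` loop that follows must still bound each extension's own length field against the bytes left, and that code is outside this hunk, so it is worth confirming there. A hello with a single trailing byte also passes `reader.has_remaining()` and reaches `get_u16bit()` with one byte left, which is safe only if the reader bounds-checks its own reads (not visible here). I would add a comment above the check such as `// extensions must run exactly to the end of the hello; reject short or trailing data`, plus a decoding test with the claimed size off by one in each direction. Client_Hello::deserialize starts and ends outside the hunk.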