aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-11-28 14:17:40 -0500
committerJack Lloyd <[email protected]>2017-11-28 14:17:40 -0500
commit7ff369a0a26cfd9803d58eeb0206204890779b79 (patch)
tree20797570e5e14b2bd151df88265adbf7533831c3
parent14499ea0f9494208ae184ee74b4a71e2fe84a404 (diff)
Tighten up checks on signature key exchange message
An empty extension is not allowed, but was previously accepted.
-rw-r--r--src/lib/tls/tls_extensions.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 8f13b2c6d..d521f6bf8 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -586,7 +586,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader,
{
uint16_t len = reader.get_uint16_t();
- if(len + 2 != extension_size)
+ if(len + 2 != extension_size || len % 2 == 1 || len == 0)
throw Decoding_Error("Bad encoding on signature algorithms extension");
while(len)