diff options
author | Jack Lloyd <[email protected]> | 2017-11-28 14:17:40 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-11-28 14:17:40 -0500 |
commit | 7ff369a0a26cfd9803d58eeb0206204890779b79 (patch) | |
tree | 20797570e5e14b2bd151df88265adbf7533831c3 | |
parent | 14499ea0f9494208ae184ee74b4a71e2fe84a404 (diff) |
Tighten up checks on signature key exchange message
An empty extension is not allowed, but was previously accepted.
-rw-r--r-- | src/lib/tls/tls_extensions.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 8f13b2c6d..d521f6bf8 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -586,7 +586,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, { uint16_t len = reader.get_uint16_t(); - if(len + 2 != extension_size) + if(len + 2 != extension_size || len % 2 == 1 || len == 0) throw Decoding_Error("Bad encoding on signature algorithms extension"); while(len) |