
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-217-gb4d5df4


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-217-gb4d5df4
Date: Sun, 20 Feb 2011 20:52:39 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=b4d5df461f27da034da090da355e179d95702721

The branch, master has been updated
       via  b4d5df461f27da034da090da355e179d95702721 (commit)
      from  024e46e556767d9b04a217e7acc4ae1987d0f6b6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b4d5df461f27da034da090da355e179d95702721
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Feb 20 21:52:35 2011 +0100

    Discard messages that contain a different epoch than the current one.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_constate.h |   13 +++++++++++++
 lib/gnutls_record.c   |   22 +++++++++++++++++++---
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index 65b609d..82744cb 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
@@ -47,6 +47,19 @@ void _gnutls_epoch_gc (gnutls_session_t session);
 void _gnutls_epoch_free (gnutls_session_t session,
                          record_parameters_st * state);
 
+static inline int _gnutls_epoch_is_valid(gnutls_session_t session, int epoch)
+{
+  record_parameters_st * params;
+  int ret;
+
+  ret = _gnutls_epoch_get( session, epoch, &params);
+  if (ret < 0)
+    return 0;
+
+  return 1;
+}
+
+
 static inline int _gnutls_epoch_refcount_inc(gnutls_session_t session, int 
epoch)
 {
   record_parameters_st * params;
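Review bot: `_gnutls_epoch_is_valid` is added without any comment and uses `params` only as a throwaway out-argument; the body can collapse to one expression that also states the contract, `/* Non-zero if EPOCH is known to SESSION, i.e. _gnutls_epoch_get() succeeds for it. */` above the function and `return _gnutls_epoch_get (session, epoch, &params) >= 0;` as its body. "Known" is all it checks — it does not say whether EPOCH is the session's current read epoch — so a caller that needs the stricter property must compare the epoch itself. The parameter is an `int` while the caller in gnutls_record.c passes a `uint16_t`; that is fine under promotion, but a `uint16_t` parameter would document the range if `_gnutls_epoch_get`, whose signature is outside this hunk, accepts it.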
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index ebbeede..10c074f 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1054,6 +1054,7 @@ begin:
       return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
     }
 
+
 /* ok now we are sure that we can read all the data - so
  * move on !
  */
@@ -1074,8 +1075,23 @@ begin:
       return ret;
     }
 
-  if (IS_DTLS(session))
-    decrypt_sequence = &dtls_sequence;
+  /* Check if the DTLS epoch is valid */
+  if (IS_DTLS(session)) 
+    {
+      uint16_t epoch = _gnutls_read_uint16(dtls_sequence.i);
+      
+      if (_gnutls_epoch_is_valid(session, epoch) == 0)
+        {
+          _gnutls_audit_log("Discarded message with invalid epoch 0x%.2x%.2x 
current: 0x%.4x\n",
+            (int)dtls_sequence.i[0], (int)dtls_sequence.i[1], 
(int)record_params->epoch);
+
+          _mbuffer_remove_bytes (&session->internals.record_recv_buffer,
+                         header_size + length);
+          return GNUTLS_E_AGAIN;
+        }
+        
+      decrypt_sequence = &dtls_sequence;
+    }
   else
     decrypt_sequence = &record_state->sequence_number;
 
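Review bot: The check added at the top of this hunk is broader than the commit title: `_gnutls_epoch_is_valid` only asks whether `_gnutls_epoch_get` knows the epoch at all, so any epoch the session still retains (presumably including a prior one kept for retransmits) passes, yet the record is then decrypted with whatever `record_params`/`record_state` were selected before this hunk. If the intent is really to discard anything not in the current epoch, the comparison should be `if (epoch != record_params->epoch)`; if retained epochs are meant to be accepted, the title and the "invalid epoch" audit text should say so, and it then matters that the parameters used for decryption are the ones belonging to `epoch` — that selection is outside the hunk, so I cannot confirm it either way. The audit line can also print the value already decoded into `epoch` instead of reassembling it byte by byte: `_gnutls_audit_log("Discarded message with invalid epoch 0x%.4x current: 0x%.4x\n", (unsigned)epoch, (unsigned)record_params->epoch);`. The enclosing function begins and ends outside this hunk.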
@@ -1104,7 +1120,7 @@ begin:
       ret = _dtls_record_check(session, decrypt_sequence);
       if (ret < 0)
         {
-          _gnutls_audit_log("Duplicate message with sequence %u\n",
+          _gnutls_audit_log("Discarded duplicate message with sequence %u\n",
             (unsigned int) _gnutls_uint64touint32 (decrypt_sequence));
           return GNUTLS_E_AGAIN;
         }


hooks/post-receive
-- 
GNU gnutls


