blob: 8277e2b2d40a7e340a460d8aba97856f8d432958 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 198cb34..3caa5ac 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session,
return gnutls_assert_val(ret);
if (unlikely((unsigned)length_to_decrypt > compressed->size))
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ {
+ _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
+ (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ }
ret =
_gnutls_auth_cipher_decrypt2 (¶ms->read.cipher_state,
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 993ddb9..4795711 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1193,8 +1193,8 @@ begin:
/* We allocate the maximum possible to allow few compressed bytes to expand to a
* full record.
*/
- decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session),
- MAX_RECORD_RECV_SIZE(session));
+ t.size = _gnutls_get_max_decrypted_data(session);
+ decrypted = _mbuffer_alloc(t.size, t.size);
if (decrypted == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
