handshake: set a maximum number of warning messages that can be received per handshake

That is to avoid DoS due to the asymmetry between the cost of sending an alert and the cost
of processing it.
parent 9f69b1c4
......@@ -976,9 +976,9 @@ typedef struct {
/* DTLS session state */
dtls_st dtls;
/* In case of clients that don't handle GNUTLS_E_LARGE_PACKET, don't
* force them into an infinite loop */
unsigned handshake_large_loops;
/* Protect from infinite loops due to GNUTLS_E_LARGE_PACKET non-handling
* or due to multiple alerts being received. */
unsigned handshake_suspicious_loops;
/* should be non-zero when a handshake is in progress */
bool handshake_in_progress;
......
......@@ -2675,12 +2675,17 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
return ret; \
if (ret == GNUTLS_E_GOT_APPLICATION_DATA && session->internals.initial_negotiation_completed != 0) \
return ret; \
if (ret == GNUTLS_E_LARGE_PACKET && session->internals.handshake_large_loops < 16) { \
session->internals.handshake_large_loops++; \
return ret; \
if (session->internals.handshake_suspicious_loops < 16) { \
if (ret == GNUTLS_E_LARGE_PACKET) { \
session->internals.handshake_suspicious_loops++; \
return ret; \
} \
/* a warning alert might interrupt handshake */ \
if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) { \
session->internals.handshake_suspicious_loops++; \
return ret; \
} \
} \
/* a warning alert might interrupt handshake */ \
if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
gnutls_assert(); \
ERR( str, ret); \
/* do not allow non-fatal errors at this point */ \
......
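Review bot: The cap on suspicious loops is the bare literal `16` in the new `if (session->internals.handshake_suspicious_loops < 16)` test, and it now bounds two distinct events (GNUTLS_E_LARGE_PACKET retries and warning alerts) with one shared counter; give it a name so the DoS bound is visible and tunable in one place, e.g. `#define MAX_HANDSHAKE_SUSPICIOUS_LOOPS 16 /* constructed name: anti-DoS cap per handshake */` and `if (session->internals.handshake_suspicious_loops < MAX_HANDSHAKE_SUSPICIOUS_LOOPS) {`. The retained comment `/* a warning alert might interrupt handshake */` no longer describes the whole behaviour, since once the cap is reached a warning alert falls through to the `gnutls_assert(); ERR(str, ret);` path instead of being returned to the caller; extending it to `/* a warning alert might interrupt handshake; past the cap it is treated as an error (anti-DoS) */` would record the intent stated in the commit message. What error code the caller then sees is decided below the hunk (the "do not allow non-fatal errors" branch), so it is worth confirming it is a fatal one. Minor style: `ret==GNUTLS_E_WARNING_ALERT_RECEIVED` lacks the spaces around `==` that the sibling `ret == GNUTLS_E_LARGE_PACKET` test uses. The enclosing macro definition starts and ends outside this hunk.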
......@@ -287,7 +287,7 @@ static void _gnutls_handshake_internal_state_init(gnutls_session_t session)
session->internals.resumable = RESUME_TRUE;
session->internals.handshake_large_loops = 0;
session->internals.handshake_suspicious_loops = 0;
session->internals.dtls.hsk_read_seq = 0;
session->internals.dtls.hsk_write_seq = 0;
}
......