[gnutls-devel] GnuTLS | GnuTLS sends record_overflow when client message is within the length limit (#1224)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed May 5 09:40:55 CEST 2021
Weiqi Wang created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1224
## Description of problem:
GnuTLS sends record_overflow alert for a malformed client message. However, the client message ```\xe8\x03\x00\x00\x02\x02\x50``` has a valid length. From my understanding:
- \xe8 is type
- \x03\x00 is version
- \x00\x02 is length (2 bytes)
- \x02\x50 has a length of 2 bytes which corresponds with the length field
Since the type is invalid, I think an unexpected_message alert is more appropriate in this case. As per [RFC 5246](https://tools.ietf.org/html/rfc5246)
>A TLSCiphertext record was received that had a length more than
>2^14+2048 bytes, or a record decrypted to a TLSCompressed record
>with more than 2^14+1024 bytes.
>An inappropriate message was received. This alert is always fatal
>and should never be observed in communication between proper
## Version of gnutls used:
GnuTLS 3.7.0 commit 7e44152fd4076afb0b64ed311fd092669e71fa1e
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
## How reproducible:
Steps to Reproduce:
```gnutls-serv --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-COMP-ALL:+COMP-NONE --x509keyfile /path/to/key.pem --x509certfile /path/to/cert.pem -p 44331 --noticket -a --http```
```echo -n -e "\xe8\x03\x00\x00\x02\x02\x50" | nc 127.0.0.1 44331```
## Actual results:
Gnutls sends record_overflow alert. The capture file is attached.
## Expected results:
Send unexpected_message alert.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1224
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel