From 0493abb68a072b053bceabedf2e8f3c072ab42b3 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 3 May 2021 12:48:23 +0200 Subject: [PATCH] nts: ignore long non-critical records In the NTS-KE client don't reject the response if it has non-critical records that are too long for the processing buffer. This is not expected to happen with the current specification, but it might be needed with future extensions. Fixes: 7925ed39b81f ("nts: fix handling of long server negotiation record") --- nts_ke_client.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nts_ke_client.c b/nts_ke_client.c index d895bf1..d1936b6 100644 --- a/nts_ke_client.c +++ b/nts_ke_client.c @@ -143,9 +143,10 @@ process_response(NKC_Instance inst) break; if (length > sizeof (data)) { - DEBUG_LOG("Record too long type=%d length=%d", type, length); - error = 1; - break; + DEBUG_LOG("Record too long type=%d length=%d critical=%d", type, length, critical); + if (critical) + error = 1; + continue; } switch (type) {