Fix CVE-2017-6891 in minitasn1 code

[platform/upstream/gnutls.git] / lib / gnutls_dtls.c

diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index 3b14322..37fcb62 100644 (file)
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -107,6 +107,14 @@ transmit_message(gnutls_session_t session,
                else
                        frag_len = mtu;
 
+               /* we normally allow fragments of zero length, to allow
+                * the packets which have zero size. On the others don't
+                * send such fragments */
+               if (frag_len == 0 && data_size > 0) {
+                       ret = 0;
+                       break;
+               }
+
                /* Fragment offset */
                _gnutls_write_uint24(offset, &mtu_data[6]);
 
@@ -542,9 +550,6 @@ int _dtls_record_check(struct record_parameters_st *rp, uint64 * _seq)
  * The DTLS protocol recommends the values of 1 sec and 60 seconds
  * respectively.
  *
- * If the retransmission timeout is zero then the handshake will operate
- * in a non-blocking way, i.e., return %GNUTLS_E_AGAIN.
- *
  * To disable retransmissions set a @retrans_timeout larger than the @total_timeout.
  *
  * Since: 3.0