Added tests to check if PUBS is invalid and made sure a valid PUBS is requested by default

handshake/server_config_client.go

@@ -110,13 +110,21 @@ func (s *serverConfigClient) parseValues(tagMap map[Tag][]byte) error {
 
 		err := binary.Read(bytes.NewReader([]byte{pubs[i], pubs[i+1], pubs[i+2], 0x00}), binary.LittleEndian, &last_len);
 		if err != nil {
+			return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS not decodable")
+		}
+		if last_len == 0 {
 			return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS")
 		}
+
+		if i+3+int(last_len) > len(pubs) {
+			return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS")
+		}
+
 		pubs_kexs = append(pubs_kexs, struct{Length uint32; Value []byte}{last_len, pubs[i+3:i+3+int(last_len)]})
 	}
 
 	if c255Foundat >= len(pubs_kexs) {
-		return qerr.Error(qerr.CryptoInvalidValueLength, "KEXS not in PUBS")
+		return qerr.Error(qerr.CryptoMessageParameterNotFound, "KEXS not in PUBS")
 	}
 
 	if pubs_kexs[c255Foundat].Length != 32 {

handshake/server_config_client_test.go

@@ -15,7 +15,7 @@ func getDefaultServerConfigClient() map[Tag][]byte {
 		TagSCID: bytes.Repeat([]byte{'F'}, 16),
 		TagKEXS: []byte("C255"),
 		TagAEAD: []byte("AESG"),
-		TagPUBS: bytes.Repeat([]byte{0}, 35),
+		TagPUBS: append([]byte{0x20, 0x00, 0x00}, bytes.Repeat([]byte{0}, 32)...),
 		TagOBIT: bytes.Repeat([]byte{0}, 8),
 		TagEXPY: []byte{0x0, 0x6c, 0x57, 0x78, 0, 0, 0, 0}, // 2033-12-24
 	}
@@ -184,6 +184,12 @@ var _ = Describe("Server Config", func() {
 				Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS"))
 			})
 
+			It("rejects PUBS values that have a zero length", func() {
+				tagMap[TagPUBS] = bytes.Repeat([]byte{0}, 100) // completely wrong length
+				err := scfg.parseValues(tagMap)
+				Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS"))
+			})
+
 			It("errors if the PUBS is missing", func() {
 				delete(tagMap, TagPUBS)
 				err := scfg.parseValues(tagMap)