From 6a0b2d04d67dd59bfb531c9a4d7dbd4d625f381d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20R=C3=BCth?=
Date: Thu, 11 May 2017 21:15:52 +0200
Subject: [PATCH] Added tests to check if PUBS is invalid and made sure a valid PUBS is requested by default
---
 handshake/server_config_client.go | 10 +++++++++-
 handshake/server_config_client_test.go | 8 +++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/handshake/server_config_client.go b/handshake/server_config_client.go
index 15d2f702..fe871310 100644
--- a/handshake/server_config_client.go
+++ b/handshake/server_config_client.go
@@ -110,13 +110,21 @@ func (s *serverConfigClient) parseValues(tagMap map[Tag][]byte) error {
 err := binary.Read(bytes.NewReader([]byte{pubs[i], pubs[i+1], pubs[i+2], 0x00}), binary.LittleEndian, &last_len);
 if err != nil {
+ return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS not decodable")
+ }
+ if last_len == 0 {
 return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS")
 }
+
+ if i+3+int(last_len) > len(pubs) {
+ return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS")
+ }
+
 pubs_kexs = append(pubs_kexs, struct{Length uint32; Value []byte}{last_len, pubs[i+3:i+3+int(last_len)]})
 }
 if c255Foundat >= len(pubs_kexs) {
- return qerr.Error(qerr.CryptoInvalidValueLength, "KEXS not in PUBS")
+ return qerr.Error(qerr.CryptoMessageParameterNotFound, "KEXS not in PUBS")
 }
 if pubs_kexs[c255Foundat].Length != 32 {
diff --git a/handshake/server_config_client_test.go b/handshake/server_config_client_test.go
index 34d314ab..ce73f80b 100644
--- a/handshake/server_config_client_test.go
+++ b/handshake/server_config_client_test.go
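Review bot: In `parseValues` (handshake/server_config_client.go) the new `"PUBS not decodable"` branch cannot be reached as written, because `binary.Read` is given a freshly built four-byte slice and a pointer to a `uint32`, so it has nothing to fail on; the parser of what appears to be peer-supplied handshake data gains an error path that no test can exercise. Decoding the three-byte prefix directly, `last_len = uint32(pubs[i]) | uint32(pubs[i+1])<<8 | uint32(pubs[i+2])<<16`, drops both the per-iteration reader allocation and the dead branch. The added `i+3+int(last_len) > len(pubs)` comparison is what keeps the slice expression on the following line in range, and deserves a comment such as `// length prefix comes from the peer: never slice past the end of PUBS`. The reads of `pubs[i+1]` and `pubs[i+2]` still depend on the loop header, which lies outside this hunk, guaranteeing three bytes at `i`.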
@@ -15,7 +15,7 @@ func getDefaultServerConfigClient() map[Tag][]byte {
 TagSCID: bytes.Repeat([]byte{'F'}, 16),
 TagKEXS: []byte("C255"),
 TagAEAD: []byte("AESG"),
- TagPUBS: bytes.Repeat([]byte{0}, 35),
+ TagPUBS: append([]byte{0x20, 0x00, 0x00}, bytes.Repeat([]byte{0}, 32)...),
 TagOBIT: bytes.Repeat([]byte{0}, 8),
 TagEXPY: []byte{0x0, 0x6c, 0x57, 0x78, 0, 0, 0, 0}, // 2033-12-24
 }
@@ -184,6 +184,12 @@ var _ = Describe("Server Config", func() {
 Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS"))
 })
+ It("rejects PUBS values that have a zero length", func() {
+ tagMap[TagPUBS] = bytes.Repeat([]byte{0}, 100) // completely wrong length
+ err := scfg.parseValues(tagMap)
+ Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS"))
+ })
+
 It("errors if the PUBS is missing", func() {
 delete(tagMap, TagPUBS)
 err := scfg.parseValues(tagMap)
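Review bot: The added `It("rejects PUBS values that have a zero length", ...)` case pins only the zero-length rejection; nothing in this hunk exercises the new `i+3+int(last_len) > len(pubs)` check in `parseValues`, which is the one that stops an out-of-range slice on a malformed server config. A companion case whose length prefix exceeds the remaining data, for instance the constructed input `tagMap[TagPUBS] = append([]byte{0x20, 0x00, 0x00}, bytes.Repeat([]byte{0}, 31)...)` expecting `CryptoInvalidValueLength: PUBS`, would cover it, unless the preceding test, whose body is outside the hunk, already does. The trailing comment `// completely wrong length` looks carried over from a neighbouring case; `// every length prefix decodes to zero` describes this input.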