Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
DragonOS-Community
/
dog
zrkadlo https://github.com/DragonOS-Community/dog.git
4
0
Fork 0
Súbory Issues 0 Wiki
Prechádzať zdrojové kódy

Handle SSHFP and TLSA records being too short

Instead of panicking, the parsers now return the newly-introduced error.
Benjamin Sago 4 rokov pred
rodič
a9f41dc5eb
commit
cff11ac3f7
2 zmenil súbory, kde vykonal 39 pridanie a 3 odobranie
Rozdelené zobrazenie Ukázať štatistiku rozdielnych dát
  1. 19 2
      dns/src/record/sshfp.rs
  2. 20 1
      dns/src/record/tlsa.rs

+ 19 - 2
dns/src/record/sshfp.rs
Zobraziť súbor 

@@ -38,7 +38,8 @@ impl Wire for SSHFP {
 
         trace!("Parsed fingerprint type -> {:?}", fingerprint_type);
 
 
         if stated_length <= 2 {
 
-            panic!("Length too short");
 
+            let mandated_length = MandatedLength::AtLeast(3);
 
+            return Err(WireError::WrongRecordLength { stated_length, mandated_length });
 
         }
 
 
         let fingerprint_length = stated_length - 1 - 1;
 
@@ -82,6 +83,23 @@ mod test {
 
                    });
 
     }
 
 
+    #[test]
 
+    fn record_too_short() {
 
+        let buf = &[
 
+            0x01,  // algorithm
 
+            0x01,  // fingerprint type
 
+        ];
 
+
 
+        assert_eq!(SSHFP::read(buf.len() as _, &mut Cursor::new(buf)),
 
+                   Err(WireError::WrongRecordLength { stated_length: 2, mandated_length: MandatedLength::AtLeast(3) }));
 
+    }
 
+
 
+    #[test]
 
+    fn record_empty() {
 
+        assert_eq!(SSHFP::read(0, &mut Cursor::new(&[])),
 
+                   Err(WireError::IO));
 
+    }
 
+
 
     #[test]
 
     fn buffer_ends_abruptly() {
 
         let buf = &[
 
@@ -103,5 +121,4 @@ mod test {
 
         assert_eq!(sshfp.hex_fingerprint(),
 
                    String::from("f348cdc9"));
 
     }
 
-
 
 }

+ 20 - 1
dns/src/record/tlsa.rs
Zobraziť súbor 

@@ -45,7 +45,8 @@ impl Wire for TLSA {
 
         trace!("Parsed matching type -> {:?}", matching_type);
 
 
         if stated_length <= 3 {
 
-            panic!("Length too short");
 
+            let mandated_length = MandatedLength::AtLeast(4);
 
+            return Err(WireError::WrongRecordLength { stated_length, mandated_length });
 
         }
 
 
         let certificate_data_length = stated_length - 1 - 1 - 1;
 
@@ -91,6 +92,24 @@ mod test {
 
                    });
 
     }
 
 
+    #[test]
 
+    fn record_too_short() {
 
+        let buf = &[
 
+            0x03,  // certificate usage
 
+            0x01,  // selector
 
+            0x01,  // matching type
 
+        ];
 
+
 
+        assert_eq!(TLSA::read(buf.len() as _, &mut Cursor::new(buf)),
 
+                   Err(WireError::WrongRecordLength { stated_length: 3, mandated_length: MandatedLength::AtLeast(4) }));
 
+    }
 
+
 
+    #[test]
 
+    fn record_empty() {
 
+        assert_eq!(TLSA::read(0, &mut Cursor::new(&[])),
 
+                   Err(WireError::IO));
 
+    }
 
+
 
     #[test]
 
     fn buffer_ends_abruptly() {
 
         let buf = &[