
Commit ef4e11b

committed
Add the missing WOLFSSL_QUIC_MAX_RECORD_CAPACITY check on the early-data path in quic_record_make() and add a unit test for it
1 parent 9176185 commit ef4e11b

2 files changed

Lines changed: 51 additions & 0 deletions


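--- a/src/quic.c
+++ b/src/quic.c
@@ -76,6 +76,11 @@ static QuicRecord *quic_record_make(WOLFSSL *ssl,
 qr->level = level;
 if (level == wolfssl_encryption_early_data) {
 qr->capacity = qr->len = (word32)len;
+if (qr->capacity > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+WOLFSSL_MSG("QUIC early data length larger than expected");
+quic_record_free(ssl, qr);
+return NULL;
+}
 }
 else {
 qr->capacity = qr->len = (word32) qr_length(data, len);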
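Review bot: The new cap check in the early-data branch compares `qr->capacity`, which the line above has already narrowed with `(word32)len`. If `len` is wider than 32 bits (the cast suggests it is, though the parameter list is cut off in the hunk header), a length above the 32-bit range would wrap to a small value and pass the check. Testing the untruncated value avoids that: `if (len > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {` placed before the assignment, keeping the same `quic_record_free(ssl, qr); return NULL;` body. quic_record_make() starts and ends outside the hunk, so whether later code sizes its allocation or copy from `len` or from `qr->len` is not visible here and should be confirmed.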

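--- a/tests/quic.c
+++ b/tests/quic.c
@@ -390,6 +390,51 @@ static int test_provide_quic_data(void) {
 return EXPECT_RESULT();
 }
 
+static int test_quic_record_cap(void) {
+EXPECT_DECLS;
+WOLFSSL_CTX * ctx = NULL;
+WOLFSSL * ssl = NULL;
+size_t over = (size_t)WOLFSSL_QUIC_MAX_RECORD_CAPACITY + 512U * 1024U;
+uint8_t * buf = NULL;
+uint8_t hdr[4];
+word32 rlen;
+
+ExpectNotNull(buf = (uint8_t*)XMALLOC(over, NULL, DYNAMIC_TYPE_TMP_BUFFER));
+if (buf != NULL)
+XMEMSET(buf, 0, over);
+
+ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
+ExpectTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
+
+/* early_data with over-cap length must be rejected */
+ExpectNotNull(ssl = wolfSSL_new(ctx));
+ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf, over, 1));
+wolfSSL_free(ssl);
+ssl = NULL;
+
+/* early_data within cap must succeed */
+ExpectNotNull(ssl = wolfSSL_new(ctx));
+ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf, 1024, 0));
+wolfSSL_free(ssl);
+ssl = NULL;
+
+/* handshake with over-cap record header must also be rejected */
+rlen = (word32)WOLFSSL_QUIC_MAX_RECORD_CAPACITY + 16U - 4U;
+hdr[0] = 0x16;
+hdr[1] = (byte)(rlen >> 16);
+hdr[2] = (byte)(rlen >> 8);
+hdr[3] = (byte)rlen;
+ExpectNotNull(ssl = wolfSSL_new(ctx));
+ExpectTrue(provide_data(ssl, wolfssl_encryption_handshake, hdr, 4, 1));
+wolfSSL_free(ssl);
+
+wolfSSL_CTX_free(ctx);
+if (buf != NULL)
+XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+printf(" test_quic_record_cap: %s\n", (EXPECT_SUCCESS()) ? pass : fail);
+return EXPECT_RESULT();
+}
 
 static int test_quic_crypt(void) {
 EXPECT_DECLS;
@@ -1939,6 +1984,7 @@ int QuicTest(void)
 if ((ret = test_set_quic_method()) != TEST_SUCCESS) goto leave;
 #ifndef NO_WOLFSSL_CLIENT
 if ((ret = test_provide_quic_data()) != TEST_SUCCESS) goto leave;
+if ((ret = test_quic_record_cap()) != TEST_SUCCESS) goto leave;
 if ((ret = test_quic_crypt()) != TEST_SUCCESS) goto leave;
 if ((ret = test_quic_client_hello(verbose)) != TEST_SUCCESS) goto leave;
 #endif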
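Review bot: test_quic_record_cap() probes the early-data limit only far from the boundary, at 512 KiB over the cap and at 1024 bytes, so an off-by-one in the comparison (`>=` where `>` is meant, or the reverse) would still pass. Two edge cases on fresh `ssl` objects would pin the semantics: `ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf, (size_t)WOLFSSL_QUIC_MAX_RECORD_CAPACITY + 1, 1));` and the same call with exactly `WOLFSSL_QUIC_MAX_RECORD_CAPACITY` and a final argument of `0`. The second assumes nothing else on the path rejects a record of exactly the cap. In the handshake case `rlen` is packed into three header bytes, so a comment stating that `WOLFSSL_QUIC_MAX_RECORD_CAPACITY + 12` is assumed to fit in 24 bits would guard against the test silently wrapping if the cap is ever raised. provide_data() is defined outside the hunk, so a one-line comment such as `/* last argument: non-zero means the call is expected to fail */` would help readers, once that meaning is confirmed against the helper.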
