diff options
author | Jack Lloyd <[email protected]> | 2016-12-05 21:34:01 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-12-05 21:34:01 -0500 |
commit | 8f580945b8f6b4ba6d8d6c55ca433f3c92ea6647 (patch) | |
tree | f06d6bebce22735bb17e7778b74e49b89c3ed4d8 /src | |
parent | a1b4f0299ade80d430bc5f1623a3294a897caa0b (diff) |
Fix bad deref when ciphersuite value is larger than largest known id
Reported by @neverhub in GH #758 found by libFuzzer
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/tls/tls_ciphersuite.cpp | 2 | ||||
-rw-r--r-- | src/tests/unit_tls.cpp | 25 |
2 files changed, 26 insertions, 1 deletions
diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index a15f936be..08ef8e812 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -45,7 +45,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites(); auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite); - if(s->ciphersuite_code() == suite) + if(s != all_suites.end() && s->ciphersuite_code() == suite) { return *s; } diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 7158fba55..9952ea77c 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -1019,12 +1019,37 @@ class TLS_Unit_Tests : public Test return test_with_policy(results, client_ses, server_ses, creds, versions, policy); } + Test::Result test_tls_ciphersuites() + { + Test::Result result("TLS::Ciphersuite"); + + for(size_t csuite_id = 0; csuite_id <= 0xFFFF; ++csuite_id) + { + Botan::TLS::Ciphersuite ciphersuite = Botan::TLS::Ciphersuite::by_id(csuite_id); + + if(ciphersuite.valid()) + { + result.test_eq("Valid Ciphersuite is not SCSV", Botan::TLS::Ciphersuite::is_scsv(csuite_id), false); + + if(ciphersuite.cbc_ciphersuite() == false) + result.test_eq("Expected MAC name for AEAD ciphersuites", ciphersuite.mac_algo(), "AEAD"); + else + result.test_eq("MAC algo and PRF algo same for CBC suites", ciphersuite.prf_algo(), ciphersuite.mac_algo()); + + // TODO more tests here + } + } + + return result; + } + public: std::vector<Test::Result> run() override { std::vector<Test::Result> results; results.push_back(test_tls_alert_strings()); results.push_back(test_tls_policy()); + results.push_back(test_tls_ciphersuites()); Botan::RandomNumberGenerator& rng = Test::rng(); |