authorMališa Vučinić <malishav@gmail.com>2020-06-04 13:30:11 +0200
committerAnders Broman <a.broman58@gmail.com>2020-07-02 07:18:02 +0000
commitff4296a1fe316de9edaeb79796b31a64d9c4efd1 (patch)
treee5c4508c263ac848a742b93050aa338783cf9c3d /epan/dissectors/packet-oscore.c
parent916550de96ac8c1dd94d9a62af8846fbe9967e90 (diff)
oscore: Small bug fixes.
- Rename Key ID Context header field. - Account for ID Context in max info length calculation. Change-Id: I6f61055dba74294ace275eb852e34ea6caa32627 Reviewed-on: https://code.wireshark.org/review/37642 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-oscore.c')
-rw-r--r--epan/dissectors/packet-oscore.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/epan/dissectors/packet-oscore.c b/epan/dissectors/packet-oscore.c
index 019fc34448..892694ab1b 100644
--- a/epan/dissectors/packet-oscore.c
+++ b/epan/dissectors/packet-oscore.c
@@ -93,11 +93,13 @@ UAT_VS_DEF(oscore_context_uat, algorithm, oscore_context_t, cose_aead_alg_t, COS
#define OSCORE_PIV_MAX_LEN 5 /* upper bound specified in the draft */
#define OSCORE_KID_MAX_LEN_CCM_STAR 7 /* upper bound on KID for AES-CCM-16-64-128 (CCM*) */
#define OSCORE_KID_MAX_LEN OSCORE_KID_MAX_LEN_CCM_STAR /* upper bound on KID coming from the default algorithm implemented */
+#define OSCORE_KID_CONTEXT_MAX_LEN 64
/* Helper macros to correctly size the statically allocated buffers and verify if an overflow occured */
#define OSCORE_INFO_MAX_LEN (1 + /* max return of cborencoder_put_array() */ \
2 + OSCORE_KID_MAX_LEN + /* max 2 to encode length, KID following */ \
+ 2 + OSCORE_KID_CONTEXT_MAX_LEN + /* length + KID CONTEXT */ \
2 + /* max return of cborencoder_put_unsigned() */ \
2 + 3 + /* max 2 to encode length, "Key" following */ \
2 /* max return of cborencoder_put_unsigned() */ )
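Review bot: `OSCORE_KID_CONTEXT_MAX_LEN 64` is the only limit in this group with no comment saying where its value comes from, although it now feeds the size of a statically allocated buffer through `OSCORE_INFO_MAX_LEN`. I would add a rationale on the define, for example `#define OSCORE_KID_CONTEXT_MAX_LEN 64 /* dissector-local bound on ID Context so the info buffer can be sized statically */`, with the wording confirmed by the author. The `2 +` allowance for the length prefix holds only while the bound stays below 256, because a CBOR byte string of 256 bytes or more needs a three-byte header; a short comment on that line would stop a later increase from silently undersizing the buffer. The macro says KID_CONTEXT while the preference text says "ID Context", and using one term throughout would make the limit easier to find.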
@@ -217,14 +219,18 @@ static gboolean oscore_context_update_cb(void *r, char **err) {
return FALSE;
}
- /* No max length check on ID Context. We use GByteArray to allocate memory
- * and pass it to the context derivation routine */
if (hex_str_to_bytes(rec->id_context_prefs, bytes, FALSE) == FALSE) {
*err = g_strdup("ID Context is invalid.");
g_byte_array_free(bytes, TRUE);
return FALSE;
}
+ if (bytes->len > OSCORE_KID_CONTEXT_MAX_LEN) {
+ *err = g_strdup_printf("Should be %u bytes or less.", OSCORE_KID_CONTEXT_MAX_LEN);
+ g_byte_array_free(bytes, TRUE);
+ return FALSE;
+ }
+
if (hex_str_to_bytes(rec->master_secret_prefs, bytes, FALSE) == FALSE) {
*err = g_strdup("Master Secret is invalid.");
g_byte_array_free(bytes, TRUE);
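Review bot: The new length check reports `"Should be %u bytes or less."` without naming the field, while the neighbouring messages in this function name theirs ("ID Context is invalid.", "Master Secret is invalid."), so the error does not say which value to shorten. I would write `*err = g_strdup_printf("ID Context should be %u bytes or less.", OSCORE_KID_CONTEXT_MAX_LEN);`. The commit removes the comment explaining why no limit was needed but adds none explaining why one now is; a line above the check such as `/* ID Context must fit the space reserved for it in OSCORE_INFO_MAX_LEN */` would tie it to the buffer sizing. This check covers only the value entered in the preferences; whether an ID Context can reach the info encoding by another path is not visible here, and such a path would need the same bound. oscore_context_update_cb starts and ends outside the hunk.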