mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 11:00:54 +02:00
Merge pull request #10201 from gasbytes/quic_record_cap
add missing WOLFSSL_QUIC_MAX_RECORD_CAPACITY check on the early-data
This commit is contained in:
@@ -76,6 +76,11 @@ static QuicRecord *quic_record_make(WOLFSSL *ssl,
|
||||
qr->level = level;
|
||||
if (level == wolfssl_encryption_early_data) {
|
||||
qr->capacity = qr->len = (word32)len;
|
||||
if (qr->capacity > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
|
||||
WOLFSSL_MSG("QUIC early data length larger than expected");
|
||||
quic_record_free(ssl, qr);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
else {
|
||||
qr->capacity = qr->len = (word32) qr_length(data, len);
|
||||
|
||||
@@ -390,6 +390,65 @@ static int test_provide_quic_data(void) {
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int test_quic_record_cap(void) {
|
||||
EXPECT_DECLS;
|
||||
WOLFSSL_CTX * ctx = NULL;
|
||||
WOLFSSL * ssl = NULL;
|
||||
size_t over = (size_t)WOLFSSL_QUIC_MAX_RECORD_CAPACITY + 512U * 1024U;
|
||||
uint8_t * buf = NULL;
|
||||
uint8_t hdr[4];
|
||||
word32 rlen;
|
||||
|
||||
ExpectNotNull(buf = (uint8_t*)XMALLOC(over, NULL, DYNAMIC_TYPE_TMP_BUFFER));
|
||||
if (buf != NULL)
|
||||
XMEMSET(buf, 0, over);
|
||||
|
||||
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
|
||||
ExpectTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS);
|
||||
|
||||
/* early_data with over-cap length must be rejected */
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf, over, 1));
|
||||
wolfSSL_free(ssl);
|
||||
ssl = NULL;
|
||||
|
||||
/* early_data at exactly cap must succeed */
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf,
|
||||
WOLFSSL_QUIC_MAX_RECORD_CAPACITY, 0));
|
||||
wolfSSL_free(ssl);
|
||||
ssl = NULL;
|
||||
|
||||
/* early_data at cap+1 must be rejected */
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf,
|
||||
(size_t)WOLFSSL_QUIC_MAX_RECORD_CAPACITY + 1U, 1));
|
||||
wolfSSL_free(ssl);
|
||||
ssl = NULL;
|
||||
|
||||
/* early_data well within cap must succeed */
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
ExpectTrue(provide_data(ssl, wolfssl_encryption_early_data, buf, 1024, 0));
|
||||
wolfSSL_free(ssl);
|
||||
ssl = NULL;
|
||||
|
||||
/* handshake with over-cap record header must also be rejected */
|
||||
rlen = (word32)WOLFSSL_QUIC_MAX_RECORD_CAPACITY + 16U - 4U;
|
||||
hdr[0] = 0x16;
|
||||
hdr[1] = (byte)(rlen >> 16);
|
||||
hdr[2] = (byte)(rlen >> 8);
|
||||
hdr[3] = (byte)rlen;
|
||||
ExpectNotNull(ssl = wolfSSL_new(ctx));
|
||||
ExpectTrue(provide_data(ssl, wolfssl_encryption_handshake, hdr, 4, 1));
|
||||
wolfSSL_free(ssl);
|
||||
|
||||
wolfSSL_CTX_free(ctx);
|
||||
if (buf != NULL)
|
||||
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
printf(" test_quic_record_cap: %s\n", (EXPECT_SUCCESS()) ? pass : fail);
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
static int test_quic_crypt(void) {
|
||||
EXPECT_DECLS;
|
||||
@@ -1939,6 +1998,7 @@ int QuicTest(void)
|
||||
if ((ret = test_set_quic_method()) != TEST_SUCCESS) goto leave;
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
if ((ret = test_provide_quic_data()) != TEST_SUCCESS) goto leave;
|
||||
if ((ret = test_quic_record_cap()) != TEST_SUCCESS) goto leave;
|
||||
if ((ret = test_quic_crypt()) != TEST_SUCCESS) goto leave;
|
||||
if ((ret = test_quic_client_hello(verbose)) != TEST_SUCCESS) goto leave;
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user