This repository has been archived by the owner on Aug 18, 2023. It is now read-only.
ber.go: Protocol Validation and Defense #3
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit attempts to address possible `panic` conditions due to access outside of the bounds of the slice. There are specifically three changes: * A couple log messages are commented out due to them attempting to do an out of bounds view into the slice. * Existing protocol validation was fixed. There was an attempt to guard against these conditions, however in many cases there was an off by one error, or other conditions had not been considered. * A PR from the parent fork which attempts to bring in a protocol fix for lengths between `0x80` and `0xFF` was also included as part of this: mozilla-services#68 The logic for slice access has been reviewed carefully in an attempt to make sure we are defensive, but still allowing the nuance of the PKCS7 structure. In addition extensive fuzzing has been conducted on these changes.
wadells
approved these changes
Aug 17, 2023
zmb3
reviewed
Aug 17, 2023
| return nil, 0, errors.New("ber2der: BER tag length has leading zero") | ||
| } | ||
| debugprint("--> (compute length) indicator byte: %x\n", l) | ||
| debugprint("--> (compute length) length bytes: % X\n", ber[offset:offset+numberOfBytes]) | ||
| //debugprint("--> (compute length) length bytes: %x\n", ber[offset:offset+numberOfBytes]) |
There was a problem hiding this comment.
I was keeping this commented out on purpose. The debugprint does no action without manual code changes, and I feel like the slice index lookup is not worth general usage. What do you think?
|
Closing PR, digitorus#12 was merged 🎉 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replacement PR for #2
This PR attempts to address possible
panicconditions due to access outside of the bounds of the slice. There are specifically three changes:0x80and0xFFwas also included as part of this: fix BER tag length check when length is between 0x80 and 0xFF mozilla-services/pkcs7#68The logic for slice access has been reviewed carefully in an attempt to make sure we are defensive, but still allowing the nuance of the PKCS7 structure. In addition extensive fuzzing has been conducted on these changes.
These changes are motivated to fix this issue: https://github.com/gravitational/teleport-private/issues/572
This change is temporary for
Teleport, eventually we would like to depend on the more active project once the PR here is merged: digitorus#12