Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: pion/dtls
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v2.2.3
Choose a base ref
...
head repository: pion/dtls
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v2.2.4
Choose a head ref
  • 3 commits
  • 4 files changed
  • 2 contributors

Commits on Feb 5, 2023

  1. Fix OOB read in server hello 

    This fixes an out of bounds read when we're unmarshalling the Server
Hello. This could cause us to panic.
    @daenney
    Sam Lancia authored and daenney committed Feb 5, 2023
    Copy the full SHA
    7a14903 View commit details

  2. Fix panic unmarshalling hello verify request 

    This could cause us to panic when unmarshalling a Hello Verify request
message.
    @daenney
    Sam Lancia authored and daenney committed Feb 5, 2023
    Copy the full SHA
    a50d26c View commit details

  3. Add fuzz tests for handshake 

    This adds a fuzz test to cover the DTLS handshake.

Co-Authored-By: Daniele Sluijters <daenney@users.noreply.github.com>
    @daenney
    Sam Lancia and daenney committed Feb 5, 2023
    Copy the full SHA
    9e922d5 View commit details
Showing with 29 additions and 3 deletions.
  1. +2 −0 AUTHORS.txt
  2. +21 −0 pkg/protocol/handshake/fuzz_test.go
  3. +2 −2 pkg/protocol/handshake/message_hello_verify_request.go
  4. +4 −1 pkg/protocol/handshake/message_server_hello.go
2 changes: 2 additions & 0 deletions AUTHORS.txt
View file
Original file line number Diff line number Diff line change
@@ -39,8 +39,10 @@ Michiel De Backker <mail@backkem.me>
Rachel Chen <rachel@chens.email>
Robert Eperjesi <eperjesi@uber.com>
Ryan Gordon <ryan.gordon@getcruise.com>
Sam Lancia <sam.lancia@motorolasolutions.com>
Sean DuBois <seaduboi@amazon.com>
Sean DuBois <sean@siobud.com>
Shelikhoo <xiaokangwang@outlook.com>
Stefan Tatschner <stefan@rumpelsepp.org>
Steffen Vogel <post@steffenvogel.de>
Vadim <fffilimonov@yandex.ru>
21 changes: 21 additions & 0 deletions pkg/protocol/handshake/fuzz_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
package handshake

import (
"testing"
)

func FuzzDtlsHandshake(f *testing.F) {
f.Fuzz(func(t *testing.T, data []byte) {
h := &Handshake{}
if err := h.Unmarshal(data); err != nil {
return
}
buf, err := h.Marshal()
if err != nil {
t.Fatal(err)
}
if len(buf) == 0 {
t.Fatal("Zero buff")
}
})
}
4 changes: 2 additions & 2 deletions pkg/protocol/handshake/message_hello_verify_request.go
View file
Original file line number Diff line number Diff line change
@@ -51,8 +51,8 @@ func (m *MessageHelloVerifyRequest) Unmarshal(data []byte) error {
}
m.Version.Major = data[0]
m.Version.Minor = data[1]
cookieLength := data[2]
if len(data) < (int(cookieLength) + 3) {
cookieLength := int(data[2])
if len(data) < cookieLength+3 {
return errBufferTooSmall
}
m.Cookie = make([]byte, cookieLength)
5 changes: 4 additions & 1 deletion pkg/protocol/handshake/message_server_hello.go
View file
Original file line number Diff line number Diff line change
@@ -88,11 +88,14 @@ func (m *MessageServerHello) Unmarshal(data []byte) error {
m.SessionID = append([]byte{}, data[currOffset:currOffset+n]...)
currOffset += len(m.SessionID)

if len(data) < currOffset+2 {
return errBufferTooSmall
}
m.CipherSuiteID = new(uint16)
*m.CipherSuiteID = binary.BigEndian.Uint16(data[currOffset:])
currOffset += 2

if len(data) < currOffset {
if len(data) <= currOffset {
return errBufferTooSmall
}
if compressionMethod, ok := protocol.CompressionMethods()[protocol.CompressionMethodID(data[currOffset])]; ok {