validate connection ID length in preferred_address transport parameter

2025-04-03 20:27:35 +03:00 · 2020-04-08 14:12:53 +07:00 · 2020-04-08 14:12:53 +07:00 · 96ac90e6be
commit 96ac90e6be
parent 799d80197f
2 changed files with 30 additions and 8 deletions
--- a/internal/wire/transport_parameter_test.go
+++ b/internal/wire/transport_parameter_test.go
@ -260,14 +260,18 @@ var _ = Describe("Transport Parameters", func() {
 	})

 	Context("preferred address", func() {
-		pa := &PreferredAddress{
-			IPv4:                net.IPv4(127, 0, 0, 1),
-			IPv4Port:            42,
-			IPv6:                net.IP{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16},
-			IPv6Port:            13,
-			ConnectionID:        protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef},
-			StatelessResetToken: [16]byte{16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1},
-		}
+		var pa *PreferredAddress
+
+		BeforeEach(func() {
+			pa = &PreferredAddress{
+				IPv4:                net.IPv4(127, 0, 0, 1),
+				IPv4Port:            42,
+				IPv6:                net.IP{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16},
+				IPv6Port:            13,
+				ConnectionID:        protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef},
+				StatelessResetToken: [16]byte{16, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1},
+			}
+		})

 		It("marshals and unmarshals", func() {
 			data := (&TransportParameters{PreferredAddress: pa}).Marshal()
@ -287,6 +291,21 @@ var _ = Describe("Transport Parameters", func() {
 			Expect(p.Unmarshal(data, protocol.PerspectiveClient)).To(MatchError("TRANSPORT_PARAMETER_ERROR: client sent a preferred_address"))
 		})

+		It("errors on zero-length connection IDs", func() {
+			pa.ConnectionID = protocol.ConnectionID{}
+			data := (&TransportParameters{PreferredAddress: pa}).Marshal()
+			p := &TransportParameters{}
+			Expect(p.Unmarshal(data, protocol.PerspectiveServer)).To(MatchError("TRANSPORT_PARAMETER_ERROR: invalid connection ID length: 0"))
+		})
+
+		It("errors on too long connection IDs", func() {
+			pa.ConnectionID = protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21}
+			Expect(pa.ConnectionID.Len()).To(BeNumerically(">", protocol.MaxConnIDLen))
+			data := (&TransportParameters{PreferredAddress: pa}).Marshal()
+			p := &TransportParameters{}
+			Expect(p.Unmarshal(data, protocol.PerspectiveServer)).To(MatchError("TRANSPORT_PARAMETER_ERROR: invalid connection ID length: 21"))
+		})
+
 		It("errors on EOF", func() {
 			raw := []byte{
 				127, 0, 0, 1, // IPv4
--- a/internal/wire/transport_parameters.go
+++ b/internal/wire/transport_parameters.go
@ -214,6 +214,9 @@ func (p *TransportParameters) readPreferredAddress(r *bytes.Reader, expectedLen
 	if err != nil {
 		return err
 	}
+	if connIDLen == 0 || connIDLen > protocol.MaxConnIDLen {
+		return fmt.Errorf("invalid connection ID length: %d", connIDLen)
+	}
 	connID, err := protocol.ReadConnectionID(r, int(connIDLen))
 	if err != nil {
 		return err