Sanity check length when deserializing

Trolldemorted · Trolldemorted · commit b94b25ca4dc0 · 2018-05-12T18:11:28.000+02:00
diff --git a/libsignal-protocol-dotnet-tests/ecc/Curve25519Test.cs b/libsignal-protocol-dotnet-tests/ecc/Curve25519Test.cs
@@ -1,23 +1,7 @@
-﻿/** 
- * Copyright (C) 2016 langboost
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-using libsignal;
+﻿using libsignal;
 using libsignal.ecc;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using System;
 
 namespace libsignal_test
 {
@@ -187,6 +171,59 @@ public void testSignature()
             }
         }
 
+        public void TestDecodeSize()
+        {
+            ECKeyPair keyPair = Curve.generateKeyPair();
+            byte[] serializedPublic = keyPair.getPublicKey().serialize();
+
+            ECPublicKey justRight = Curve.decodePoint(serializedPublic, 0);
+
+            try
+            {
+                ECPublicKey tooSmall = Curve.decodePoint(serializedPublic, 1);
+                Assert.Fail("Shouldn't decode");
+            }
+            catch (InvalidKeyException e)
+            {
+                // good
+            }
+
+            try
+            {
+                ECPublicKey empty = Curve.decodePoint(new byte[0], 0);
+                Assert.Fail("Shouldn't parse");
+            }
+            catch (InvalidKeyException e)
+            {
+                // good
+            }
+
+            try
+            {
+                byte[] badKeyType = new byte[33];
+                Array.Copy(serializedPublic, 0, badKeyType, 0, serializedPublic.Length);
+                badKeyType[0] = 0x01;
+                Curve.decodePoint(badKeyType, 0);
+                Assert.Fail("Should be bad key type");
+            }
+            catch (InvalidKeyException e)
+            {
+                // good
+            }
+
+            byte[] extraSpace = new byte[serializedPublic.Length + 1];
+            Array.Copy(serializedPublic, 0, extraSpace, 0, serializedPublic.Length);
+            ECPublicKey extra = Curve.decodePoint(extraSpace, 0);
+
+            byte[] offsetSpace = new byte[serializedPublic.Length + 1];
+            Array.Copy(serializedPublic, 0, offsetSpace, 1, serializedPublic.Length);
+            ECPublicKey offset = Curve.decodePoint(offsetSpace, 1);
+
+            CollectionAssert.AreEqual(serializedPublic, justRight.serialize());
+            CollectionAssert.AreEqual(extra.serialize(), serializedPublic);
+            CollectionAssert.AreEqual(offset.serialize(), serializedPublic);
+        }
+
         [TestMethod, TestCategory("libsignal.ecc")]
         public void testSignatureOverflow()
         {
diff --git a/libsignal-protocol-dotnet/ecc/Curve.cs b/libsignal-protocol-dotnet/ecc/Curve.cs
@@ -34,19 +34,28 @@ public static ECKeyPair generateKeyPair()
                                  new DjbECPrivateKey(keyPair.getPrivateKey()));
         }
 
-        public static ECPublicKey decodePoint(byte[] bytes, int offset)
-        {
-            int type = bytes[offset] & 0xFF;
-
-            switch (type)
-            {
-                case Curve.DJB_TYPE:
-                    byte[] keyBytes = new byte[32];
-                    System.Buffer.BlockCopy(bytes, offset + 1, keyBytes, 0, keyBytes.Length);
-                    return new DjbECPublicKey(keyBytes);
-                default:
-                    throw new InvalidKeyException("Bad key type: " + type);
-            }
+        public static ECPublicKey decodePoint(byte[] bytes, int offset)
+        {
+            if (bytes.Length - offset < 1)
+            {
+                throw new InvalidKeyException("No key type identifier");
+            }
+            int type = bytes[offset] & 0xFF;
+
+            switch (type)
+            {
+                case Curve.DJB_TYPE:
+                    if (bytes.Length - offset < 33)
+                    {
+                        throw new InvalidKeyException("Bad key length: " + bytes.Length);
+                    }
+
+                    byte[] keyBytes = new byte[32];
+                    System.Buffer.BlockCopy(bytes, offset + 1, keyBytes, 0, keyBytes.Length);
+                    return new DjbECPublicKey(keyBytes);
+                default:
+                    throw new InvalidKeyException("Bad key type: " + type);
+            }
         }
 
         public static ECPrivateKey decodePrivatePoint(byte[] bytes)
