Merge pull request #497 from tlsfuzzer/session_id_length

tomato42 · web-flow · commit 6ed9d3b5e436 · 2023-08-02T21:02:00.000+02:00
reject too long session_id field
diff --git a/tlslite/messages.py b/tlslite/messages.py
@@ -622,6 +622,8 @@ def parse(self, p):
             self.client_version = (p.get(1), p.get(1))
             self.random = p.getFixBytes(32)
             self.session_id = p.getVarBytes(1)
+            if len(self.session_id) > 32:
+                raise DecodeError("session_id too long")
             self.cipher_suites = p.getVarList(2, 2)
             self.compression_methods = p.getVarList(1, 1)
             if not p.atLengthCheck():
diff --git a/unit_tests/test_tlslite_messages.py b/unit_tests/test_tlslite_messages.py
@@ -23,7 +23,7 @@
         ApplicationData, EncryptedExtensions, CertificateEntry, \
         NewSessionTicket, SessionTicketPayload, Heartbeat, HelloRequest, \
         KeyUpdate
-from tlslite.utils.codec import Parser
+from tlslite.utils.codec import Parser, DecodeError
 from tlslite.constants import CipherSuite, CertificateType, ContentType, \
         AlertLevel, AlertDescription, ExtensionType, ClientCertificateType, \
         HashAlgorithm, SignatureAlgorithm, ECCurveType, GroupName, \
@@ -207,6 +207,26 @@ def test_parse_with_empty_extensions(self):
         self.assertEqual([], client_hello.compression_methods)
         self.assertEqual([], client_hello.extensions)
 
+    def test_parse_with_too_long_session_id(self):
+        p = Parser(bytearray(
+            # we don't include the type of message as it is handled by the
+            # hello protocol parser
+            #b'x01' +             # type of message - client_hello
+            b'\x00'*2 + b'\x48' + # length - 38 bytes
+            b'\x01\x01' +         # protocol version - arbitrary (invalid)
+            b'\x00'*32 +          # client random
+            b'\x21' +             # session ID length
+            b'\x00' * 33 +        # session ID
+            b'\x00'*2 +           # cipher suites length
+            b'\x00' +             # compression methods length
+            b'\x00\x00'           # extensions length
+            ))
+        client_hello = ClientHello()
+        with self.assertRaises(DecodeError) as e:
+            client_hello = client_hello.parse(p)
+
+        self.assertIn("session_id", str(e.exception))
+
     def test_parse_with_SNI_extension(self):
         p = Parser(bytearray(
             # we don't include the type of message as it is handled by the
