Explicitly check buffer length before touching it and unify exception

Signed-off-by: Simon Rozman <simon@rozman.si>
Simon Rozman 2020-01-23 09:14:44 +01:00
parent 9d0e261bbe
commit 2282a2c45f
3 changed files with 14 additions and 10 deletions


@ -235,19 +235,19 @@ EapPeerMethodResponseAction eap::method_eap::process_request_packet(
_In_ DWORD dwReceivedPacketSize)
{
if (dwReceivedPacketSize < offsetof(EapPacket, Data))
throw invalid_argument(string_printf(__FUNCTION__ " Incomplete EAP packet header (minimum: %zu, received: %u).", offsetof(EapPacket, Data), dwReceivedPacketSize));
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete EAP packet header.");
auto hdr = reinterpret_cast<const EapPacket*>(pReceivedPacket);
// Check packet size.
DWORD size_packet = ntohs(*reinterpret_cast<const unsigned short*>(hdr->Length));
if (size_packet > dwReceivedPacketSize)
throw invalid_argument(string_printf(__FUNCTION__ " Incorrect EAP packet length (expected: %u, received: %u).", size_packet, dwReceivedPacketSize));
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Incorrect EAP packet length (expected: %u, received: %u).", size_packet, dwReceivedPacketSize));
switch (hdr->Code) {
case EapCodeRequest:
if (dwReceivedPacketSize < sizeof(EapPacket))
throw invalid_argument(string_printf(__FUNCTION__ " Incomplete EAP packet (minimum: %zu, received: %u).", sizeof(EapPacket), dwReceivedPacketSize));
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete EAP packet.");
// Save request packet ID to make matching response packet in get_response_packet() later.
m_id = hdr->Id;
@ -281,7 +281,7 @@ EapPeerMethodResponseAction eap::method_eap::process_request_packet(
throw invalid_argument(string_printf(__FUNCTION__ " EAP Failure packet received."));
default:
throw invalid_argument(string_printf(__FUNCTION__ " Unknown EAP packet received (expected: %u, received: %u).", EapCodeRequest, (int)hdr->Code));
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Unknown EAP packet received (expected: %u, received: %u).", EapCodeRequest, (int)hdr->Code));
}
}
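Review bot: The declared length `size_packet` is only bounded from above in the first hunk, so a Length field smaller than the EAP header (0 to 3) still passes, and the `EapCodeRequest` case compares `dwReceivedPacketSize` rather than `size_packet` with `sizeof(EapPacket)`. The function starts before the hunk and the code between the two hunks is not shown, so this needs confirming: if it derives a payload size from `size_packet`, a short declared length could wrap the subtraction or let the Type byte be taken from beyond the declared packet. Suggested guards are `if (size_packet < offsetof(EapPacket, Data) || size_packet > dwReceivedPacketSize)` for the length check and `if (size_packet < sizeof(EapPacket))` in the request case. In the second hunk the `EAP Failure packet received` throw still uses `invalid_argument`; if that is deliberate, a short comment saying so would help, since the commit otherwise unifies the exception type.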


@ -33,4 +33,6 @@
#include <WinStd/ETW.h>
#include <WinStd/Sec.h>
#include <Windows.h>
#include <EapHostError.h> // include after Windows.h
#include <EventsETW.h>


@ -1,21 +1,21 @@
/*
Copyright 2015-2020 Amebis
Copyright 2016 GÉANT
Copyright 2016 GÉANT
This file is part of GÉANTLink.
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
@ -60,9 +60,11 @@ EapPeerMethodResponseAction eap::method_defrag::process_request_packet(
_In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket,
_In_ DWORD dwReceivedPacketSize)
{
assert(dwReceivedPacketSize >= 1); // Request packet should contain flags at least.
auto data_packet = reinterpret_cast<const unsigned char*>(pReceivedPacket);
if (dwReceivedPacketSize < 1)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete packet flags.");
// To prevent version downgrade attacks, negotiate protocol version on binding exchange only. Then stick to it!
unsigned char data_version = data_packet[0] & flags_ver_mask;
if (m_phase == phase_t::init) {
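Review bot: The new `dwReceivedPacketSize < 1` check in the last hunk should carry a comment recording why it is a runtime check rather than an assertion, for example `// Packet size is set by the peer; assert() is compiled out in release builds, so validate explicitly.` It would also read more clearly with the check placed before the `reinterpret_cast` of `pReceivedPacket`, so that nothing derived from the buffer exists until its size is validated. The cast itself does not dereference, so this is a style point only. The function body continues past the end of the hunk, so any reads beyond the flags byte are not visible here.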