Invalid payload for user_mapping ext from RFC 4681

WestpointLtd · Aug 27, 2016 · ba72318 · ba72318
1 parent baf1307
commit ba72318
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 1 deletion.
diff --git a/prober.py b/prober.py
@@ -167,7 +167,10 @@
     DoubleExtension12PFS(),
     UserMappingNull(),
     UserMappingNull12(),
-    UserMappingNull12PFS()
+    UserMappingNull12PFS(),
+    UserMappingOverflow(),
+    UserMappingOverflow12(),
+    UserMappingOverflow12PFS()
 ]
 
 def probe(ipaddress, port, starttls, specified_probe):

diff --git a/probes.py b/probes.py
@@ -1609,3 +1609,23 @@ class UserMappingNull12(UserMappingNull, NormalHandshake12):
 class UserMappingNull12PFS(UserMappingNull, NormalHandshake12PFS):
     '''Send empty user mapping extension in PFS TLSv1.2 hello'''
     pass
+
+
+class UserMappingOverflow(UserMappingNull):
+    '''Send user mapping extension with length longer than present in hello'''
+
+    def test(self, sock):
+        logging.debug('Sending Client Hello...')
+        # extension consists of an array and the array needs at least one
+        # element, send the length of array (one byte) longer than payload size
+        sock.write(self.make_user_mapping_ext(b'\x02\x40'))
+
+
+class UserMappingOverflow12(UserMappingOverflow, NormalHandshake12):
+    '''As with UserMappingOverflow but in TLSv1.2 hello'''
+    pass
+
+
+class UserMappingOverflow12PFS(UserMappingOverflow, NormalHandshake12PFS):
+    '''As with UserMappingOverflow but in PFS TLSv1.2 hello'''
+    pass
diff --git a/tests/test_probes.py b/tests/test_probes.py
@@ -3074,3 +3074,68 @@ def test_test(self):
                           b"\x01\x00"
                           b'\x00\x04'
                           b'\x00\x06\x00\x00'])
+
+
+class TestUserMappingOverflow(unittest.TestCase):
+    def test_test(self):
+        probe = UserMappingOverflow()
+        sock = MockSock()
+
+        probe.test(sock)
+
+        self.maxDiff = None
+        self.assertEqual(sock.sent_data,
+                         [b'\x16\x03\x01\x00A'
+                          b'\x01\x00\x00='
+                          b'\x03\x01' +
+                          RANDOM_STR +
+                          b'\x00'
+                          b'\x00\x0e' +
+                          DEFAULT_CIPHERS_STR +
+                          b'\x01\x00'
+                          b'\x00\x06'
+                          b'\x00\x06\x00\x02'
+                          b'\x02\x40'])
+
+
+class TestUserMappingOverflow12(unittest.TestCase):
+    def test_test(self):
+        probe = UserMappingOverflow12()
+        sock = MockSock()
+
+        probe.test(sock)
+
+        self.assertEqual(sock.sent_data,
+                         [b'\x16\x03\x01\x00Y'
+                          b'\x01\x00\x00U'
+                          b'\x03\x03' +
+                          RANDOM_STR +
+                          b'\x00'
+                          b'\x00&' +
+                          DEFAULT_12_CIPHERS_STR +
+                          b'\x01\x00'
+                          b'\x00\x06'
+                          b'\x00\x06\x00\x02'
+                          b'\x02\x40'])
+
+
+class TestUserMappingOverflow12PFS(unittest.TestCase):
+    def test_test(self):
+        probe = UserMappingOverflow12PFS()
+        sock = MockSock()
+
+        probe.test(sock)
+
+        self.maxDiff = None
+        self.assertEqual(sock.sent_data,
+                         [b"\x16\x03\x01\x00\x91"
+                          b"\x01\x00\x00\x8d"
+                          b"\x03\x03" +
+                          RANDOM_STR +
+                          b"\x00"
+                          b"\x00^" +
+                          DEFAULT_PFS_CIPHERS_STR +
+                          b"\x01\x00"
+                          b'\x00\x06'
+                          b'\x00\x06\x00\x02'
+                          b'\x02\x40'])