truncated length of extensions field

WestpointLtd · Aug 27, 2016 · e4bd687 · e4bd687
1 parent 1edb130
commit e4bd687
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 0 deletions.
diff --git a/prober.py b/prober.py
@@ -63,6 +63,9 @@
     InvalidCiphersLength(),
     InvalidCiphersLength12(),
     InvalidCiphersLength12PFS(),
+    InvalidExtLength(),
+    InvalidExtLength12(),
+    InvalidExtLength12PFS(),
     DoubleClientHello(),
     DoubleClientHello12(),
     DoubleClientHello12PFS(),

diff --git a/probes.py b/probes.py
@@ -286,6 +286,31 @@ class InvalidCiphersLength12PFS(InvalidCiphersLength, InvalidSessionID12PFS):
     pass
 
 
+class InvalidExtLength(InvalidSessionID):
+    '''Send client hello with length of extensions filed truncated'''
+
+    def make_hello_payload(self, version, cipher_suites):
+        ciphers = struct.pack('>H{0}H'.format(len(cipher_suites)),
+                              len(cipher_suites) * 2, *cipher_suites)
+        hello = (struct.pack('>H32sB',
+                             version,
+                             b'01234567890123456789012345678901',
+                             0) +
+                 ciphers + b'\x01\x00' + b'\x00')
+
+        return hello
+
+
+class InvalidExtLength12(InvalidExtLength, InvalidSessionID12):
+    '''As with InvalidExtLength but in TLSv1.2 hello'''
+    pass
+
+
+class InvalidExtLength12PFS(InvalidExtLength, InvalidSessionID12PFS):
+    '''As with InvalidExtLength but in PFS TLSv1.2 hello'''
+    pass
+
+
 class DoubleClientHello(NormalHandshake):
     '''Two client hellos'''
 

diff --git a/tests/test_probes.py b/tests/test_probes.py
@@ -373,6 +373,62 @@ def test_test(self):
                           b'\x00\x00'])
 
 
+class TestInvalidExtLength(unittest.TestCase):
+    def test_test(self):
+        probe = InvalidExtLength()
+        sock = MockSock()
+
+        probe.test(sock)
+
+        self.assertEqual(sock.sent_data,
+                         [b'\x16\x03\x01\x00:'
+                          b'\x01\x00\x006'
+                          b'\x03\x01' +
+                          RANDOM_STR +
+                          b'\x00'
+                          b'\x00\x0e' +
+                          DEFAULT_CIPHERS_STR +
+                          b'\x01\x00'
+                          b'\x00'])
+
+
+class TestInvalidExtLength12(unittest.TestCase):
+    def test_test(self):
+        probe = InvalidExtLength12()
+        sock = MockSock()
+
+        probe.test(sock)
+
+        self.assertEqual(sock.sent_data,
+                         [b'\x16\x03\x01\x00R'
+                           b'\x01\x00\x00N'
+                           b'\x03\x03' +
+                           RANDOM_STR +
+                           b'\x00'
+                           b'\x00&' +
+                           DEFAULT_12_CIPHERS_STR +
+                           b'\x01\x00'
+                           b'\x00'])
+
+
+class TestInvalidExtLength12PFS(unittest.TestCase):
+    def test_test(self):
+        probe = InvalidExtLength12PFS()
+        sock = MockSock()
+
+        probe.test(sock)
+
+        self.assertEqual(sock.sent_data,
+                         [b"\x16\x03\x01\x00\x8a"
+                          b"\x01\x00\x00\x86"
+                          b"\x03\x03" +
+                          RANDOM_STR +
+                          b"\x00"
+                          b"\x00^" +
+                          DEFAULT_PFS_CIPHERS_STR +
+                          b"\x01\x00"
+                          b"\x00"])
+
 class TestDoubleClientHello(unittest.TestCase):
     def test_test(self):
         probe = DoubleClientHello()