From 8a431a64cb6eb05addc8d0373ebf7f4e5bc683e7 Mon Sep 17 00:00:00 2001
From: Yawning Angel
Date: Fri, 16 May 2014 03:12:12 +0000
Subject: Validate that the padding length is greater than the minimum.

---
 handshake_ntor.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'handshake_ntor.go')

diff --git a/handshake_ntor.go b/handshake_ntor.go
index 38d8728..80a9698 100644
--- a/handshake_ntor.go
+++ b/handshake_ntor.go
@@ -169,8 +169,8 @@ func (hs *clientHandshake) parseServerHandshake(resp []byte) (int, []byte, error
 	}
 
 	// Attempt to find the mark + MAC.
-	pos := findMark(hs.serverMark, resp,
-		ntor.RepresentativeLength+ntor.AuthLength, serverMaxHandshakeLength)
+	pos := findMark(hs.serverMark, resp, ntor.RepresentativeLength+ntor.AuthLength+serverMinPadLength,
+		serverMaxHandshakeLength)
 	if pos == -1 {
 		if len(resp) >= serverMaxHandshakeLength {
 			return 0, nil, ErrInvalidHandshake
@@ -243,7 +243,7 @@ func (hs *serverHandshake) parseClientHandshake(resp []byte) ([]byte, error) {
 	}
 
 	// Attempt to find the mark + MAC.
-	pos := findMark(hs.clientMark, resp, ntor.RepresentativeLength,
+	pos := findMark(hs.clientMark, resp, ntor.RepresentativeLength+clientMinPadLength,
 		serverMaxHandshakeLength)
 	if pos == -1 {
 		if len(resp) >= clientMaxHandshakeLength {
@@ -352,6 +352,9 @@ func findMark(mark, buf []byte, startPos, maxPos int) int {
 	if endPos > maxPos {
 		endPos = maxPos
 	}
+	if startPos > len(buf) {
+		return -1
+	}
 
 	// XXX: bytes.Index() uses a naive search, which kind of sucks.
 	pos := bytes.Index(buf[startPos:endPos], mark)
-- 
cgit v1.2.3
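Review bot: The comment above the new findMark call in parseServerHandshake still reads "Attempt to find the mark + MAC." and does not say why the search now starts serverMinPadLength bytes later, which is the whole intent of this commit; a reader will otherwise wonder whether a mark sitting inside the first serverMinPadLength bytes is rejected deliberately or by accident. I would extend it to `// Attempt to find the mark + MAC.  The search starts after the representative, auth, and minimum padding, so a response with less than serverMinPadLength bytes of padding can never match.` The same wording applies to the corresponding line in parseClientHandshake with clientMinPadLength. parseServerHandshake starts and ends outside this hunk, and the "need more data" path after a -1 result now also covers responses shorter than the new start offset, which appears to rely on the bounds guard added to findMark further down.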
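Review bot: In parseClientHandshake the rewritten findMark call still passes `serverMaxHandshakeLength` as maxPos while the check two lines below compares `len(resp)` against `clientMaxHandshakeLength`; the search window and the "too long, give up" test are bounded by different constants. If the two constants differ, a client handshake whose mark lies between the two limits is either searched beyond what the length check allows or rejected before the window is fully scanned, and since this line is being touched anyway it is the moment to make them agree, e.g. `pos := findMark(hs.clientMark, resp, ntor.RepresentativeLength+clientMinPadLength,` / `	clientMaxHandshakeLength)`. I cannot see the constant definitions from this hunk, so if they are equal by construction a comment saying so would suffice. parseClientHandshake continues outside the hunk.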
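Review bot: The new guard in findMark compares startPos against `len(buf)`, but the slice on the next line is `buf[startPos:endPos]`, and endPos has just been clamped to maxPos, so it can be smaller than len(buf); a startPos that is larger than maxPos but not larger than len(buf) passes the guard and then panics on the reversed slice bounds. Since the guard is placed after the clamp, it should bound against the value actually used: `if startPos > endPos {` / `	return -1` / `}`. With the callers' constants this may not be reachable today, but findMark is the one place the bounds are enforced, and a panic in a handshake parser on peer-controlled input is the failure mode this commit is trying to close. The rest of findMark is outside the hunk.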