Merge pull request #531 from GeorgePantelakis/compress_certificate_ex…

…tension messages.py: handle empty compressed certificate message
tlsfuzzer · Oct 16, 2024 · b333690 · b333690
2 parents 0156727 + 33a991b
commit b333690
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/tlslite/messages.py b/tlslite/messages.py
@@ -2554,6 +2554,10 @@ def parse(self, p):
         self.compression_algo = p.get(2)
         expected_length = p.get(3)
         compressed_msg = p.getVarBytes(3)
+
+        if len(compressed_msg) == 0:
+            raise DecodeError("Empty compress certificate message")
+
         p.stopLengthCheck()
         certificate_msg = self._decompress(compressed_msg, expected_length)
 

diff --git a/unit_tests/test_tlslite_messages.py b/unit_tests/test_tlslite_messages.py
@@ -4062,7 +4062,7 @@ def test_write_none(self):
 
     @unittest.skipIf(PY_VER < (3, ),
         "In Python2 zlib fails to decompress an empty message")
-    def test_parse_empty(self):
+    def test_parse_empty_certificate(self):
         cc = CompressedCertificate(CertificateType.x509)
 
         algos = [CertificateCompressionAlgorithm.zlib]
@@ -4097,6 +4097,23 @@ def test_parse_empty(self):
             self.assertEqual(cc.compression_algo, algo)
             cc.compression_algo = None
 
+    def test_parse_empty_message(self):
+        cc = CompressedCertificate(CertificateType.x509)
+
+        writer = Writer()
+        writer.add(8, 3)
+        writer.add(CertificateCompressionAlgorithm.zlib, 2)
+        writer.bytes += b'\x00\x00\xff'  # length of uncompressed message
+        writer.add(0, 3)
+
+        parser = Parser(writer.bytes)
+
+        with self.assertRaises(DecodeError) as e:
+            cc = cc.parse(parser)
+
+        self.assertIn("Empty compress certificate message",
+                      str(e.exception))
+
     @unittest.skipIf(PY_VER < (3, ),
         "In Python2 zlib fails to decompress an empty message")
     def test_parse_empty_with_wrong_expected_size(self):