From 33a991bb3aba7ef3299ef7c7d09ba7bce57fd7cd Mon Sep 17 00:00:00 2001 From: George Pantelakis Date: Wed, 16 Oct 2024 12:05:50 +0200 Subject: [PATCH] messages.py: handle empty compressed certificate message --- tlslite/messages.py | 4 ++++ unit_tests/test_tlslite_messages.py | 19 ++++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/tlslite/messages.py b/tlslite/messages.py index c5e83bb6..4c4f43c5 100644 --- a/tlslite/messages.py +++ b/tlslite/messages.py @@ -2554,6 +2554,10 @@ def parse(self, p): self.compression_algo = p.get(2) expected_length = p.get(3) compressed_msg = p.getVarBytes(3) + + if len(compressed_msg) == 0: + raise DecodeError("Empty compress certificate message") + p.stopLengthCheck() certificate_msg = self._decompress(compressed_msg, expected_length) diff --git a/unit_tests/test_tlslite_messages.py b/unit_tests/test_tlslite_messages.py index 02072113..07c591bb 100644 --- a/unit_tests/test_tlslite_messages.py +++ b/unit_tests/test_tlslite_messages.py @@ -4062,7 +4062,7 @@ def test_write_none(self): @unittest.skipIf(PY_VER < (3, ), "In Python2 zlib fails to decompress an empty message") - def test_parse_empty(self): + def test_parse_empty_certificate(self): cc = CompressedCertificate(CertificateType.x509) algos = [CertificateCompressionAlgorithm.zlib] @@ -4097,6 +4097,23 @@ def test_parse_empty(self): self.assertEqual(cc.compression_algo, algo) cc.compression_algo = None + def test_parse_empty_message(self): + cc = CompressedCertificate(CertificateType.x509) + + writer = Writer() + writer.add(8, 3) + writer.add(CertificateCompressionAlgorithm.zlib, 2) + writer.bytes += b'\x00\x00\xff' # length of uncompressed message + writer.add(0, 3) + + parser = Parser(writer.bytes) + + with self.assertRaises(DecodeError) as e: + cc = cc.parse(parser) + + self.assertIn("Empty compress certificate message", + str(e.exception)) + @unittest.skipIf(PY_VER < (3, ), "In Python2 zlib fails to decompress an empty message") def test_parse_empty_with_wrong_expected_size(self):