mirror of https://github.com/ctz/rustls
Test for 64KB certificate chain limit
parent
1803e8e7ad
commit
22a9a49bd4
|
@ -1158,3 +1158,30 @@ fn cannot_read_messagehash_from_network() {
|
|||
let enc = mh.get_encoding();
|
||||
assert!(HandshakeMessagePayload::read_bytes(&enc).is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn cannot_decode_huge_certificate() {
|
||||
let mut buf = [ 0u8; 65 * 1024 ];
|
||||
// exactly 64KB decodes fine
|
||||
buf[0] = 0x0b;
|
||||
buf[1] = 0x01;
|
||||
buf[2] = 0x00;
|
||||
buf[3] = 0x03;
|
||||
buf[4] = 0x01;
|
||||
buf[5] = 0x00;
|
||||
buf[6] = 0x00;
|
||||
buf[7] = 0x00;
|
||||
buf[8] = 0xff;
|
||||
buf[9] = 0xfd;
|
||||
HandshakeMessagePayload::read_bytes(&buf)
|
||||
.unwrap();
|
||||
|
||||
// however 64KB + 1 byte does not
|
||||
buf[1] = 0x01;
|
||||
buf[2] = 0x00;
|
||||
buf[3] = 0x04;
|
||||
buf[4] = 0x01;
|
||||
buf[5] = 0x00;
|
||||
buf[6] = 0x01;
|
||||
assert!(HandshakeMessagePayload::read_bytes(&buf).is_none());
|
||||
}
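Review bot: The negative case in cannot_decode_huge_certificate probably fails for a reason other than the 64KB limit. The second stanza raises the handshake length to 0x010004 and the list length to 0x010001 but leaves buf[7..10] at `00 ff fd`, so the single entry still covers 0x10000 bytes and one stray byte remains in the list. A decoder with no size check would presumably still return None on that truncated trailing entry, so `is_none()` does not pin the limit. Adding `buf[9] = 0xfe;` to the second stanza (the joiner test on this page already uses `\xff\xfe`) makes the list well-formed and exactly one byte over, so only the size check can reject it. Since this limit bounds what an unauthenticated peer can make the parser accept, a comment naming the three u24 fields (handshake length, list length, entry length) would also help the next reader.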
|
||||
|
|
|
@ -241,4 +241,40 @@ mod tests {
|
|||
|
||||
pop_eq(&expect, &mut hj);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_rejoins_then_rejects_giant_certs() {
|
||||
let mut hj = HandshakeJoiner::new();
|
||||
let msg = Message {
|
||||
typ: ContentType::Handshake,
|
||||
version: ProtocolVersion::TLSv1_2,
|
||||
payload: MessagePayload::new_opaque(b"\x0b\x01\x00\x04\x01\x00\x01\x00\xff\xfe".to_vec()),
|
||||
};
|
||||
|
||||
assert_eq!(hj.want_message(&msg), true);
|
||||
assert_eq!(hj.take_message(msg), Some(0));
|
||||
assert_eq!(hj.is_empty(), false);
|
||||
|
||||
for _i in 0..8191 {
|
||||
let msg = Message {
|
||||
typ: ContentType::Handshake,
|
||||
version: ProtocolVersion::TLSv1_2,
|
||||
payload: MessagePayload::new_opaque(b"\x01\x02\x03\x04\x05\x06\x07\x08".to_vec()),
|
||||
};
|
||||
|
||||
assert_eq!(hj.want_message(&msg), true);
|
||||
assert_eq!(hj.take_message(msg), Some(0));
|
||||
assert_eq!(hj.is_empty(), false);
|
||||
}
|
||||
|
||||
// final 6 bytes
|
||||
let msg = Message {
|
||||
typ: ContentType::Handshake,
|
||||
version: ProtocolVersion::TLSv1_2,
|
||||
payload: MessagePayload::new_opaque(b"\x01\x02\x03\x04\x05\x06".to_vec()),
|
||||
};
|
||||
|
||||
assert_eq!(hj.want_message(&msg), true);
|
||||
assert_eq!(hj.take_message(msg), None);
|
||||
}
|
||||
}
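Review bot: The fragment sizes in test_rejoins_then_rejects_giant_certs are unexplained, although the test is only meaningful if they sum to exactly the declared message length. I would put the arithmetic above the loop, for example `// 10 + 8191 * 8 + 6 = 65544 bytes = 4-byte header + 0x010004 body (certificate list of 64KB + 1)`, and extend `// final 6 bytes` to say that this fragment completes the message and is the one expected to be rejected. The accepting side of the boundary (a list of exactly 0x010000 bytes reassembled through the joiner) is not exercised in this hunk; if it is not covered elsewhere, a sibling test would pin the limit from both sides.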
|
||||
|
|