nts: check all encrypted fields before saving cookies

Don't save any cookies if an encrypted extension field fails parsing.
2020-08-13 14:25:12 +02:00 · 2020-08-13 14:25:12 +02:00 · ed1077a788
commit ed1077a788
parent 356c475a6a
1 changed files with 21 additions and 3 deletions
--- a/nts_ntp_client.c
+++ b/nts_ntp_client.c
@ -353,6 +353,23 @@ NNC_GenerateRequestAuth(NNC_Instance inst, NTP_Packet *packet,

 /* ================================================== */

+static int
+parse_encrypted_efs(NNC_Instance inst, unsigned char *plaintext, int length)
+{
+  int ef_length, parsed;
+
+  for (parsed = 0; parsed < length; parsed += ef_length) {
+    if (!NEF_ParseSingleField(plaintext, length, parsed, &ef_length, NULL, NULL, NULL)) {
+      DEBUG_LOG("Could not parse encrypted EF");
+      return 0;
+    }
+  }
+
+  return 1;
+}
+
+/* ================================================== */
+
 static int
 extract_cookies(NNC_Instance inst, unsigned char *plaintext, int length)
 {
@ -363,10 +380,8 @@ extract_cookies(NNC_Instance inst, unsigned char *plaintext, int length)

  for (parsed = 0; parsed < length; parsed += ef_length) {
    if (!NEF_ParseSingleField(plaintext, length, parsed,
-                              &ef_length, &ef_type, &ef_body, &ef_body_length)) {
-      DEBUG_LOG("Could not parse encrypted EF");
+                              &ef_length, &ef_type, &ef_body, &ef_body_length))
      return 0;
-    }

    if (ef_type != NTP_EF_NTS_COOKIE)
      continue;
@ -449,6 +464,9 @@ NNC_CheckResponseAuth(NNC_Instance inst, NTP_Packet *packet,
                               plaintext, sizeof (plaintext), &plaintext_length))
          return 0;

+        if (!parse_encrypted_efs(inst, plaintext, plaintext_length))
+          return 0;
+
        has_valid_auth = 1;
        break;
      default: