From ed1077a7880fdb2138df906beee1ba66977461d7 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Thu, 13 Aug 2020 14:25:12 +0200
Subject: [PATCH] nts: check all encrypted fields before saving cookies

Don't save any cookies if an encrypted extension field fails parsing.
---
 nts_ntp_client.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/nts_ntp_client.c b/nts_ntp_client.c
index 79136f0..16f496b 100644
--- a/nts_ntp_client.c
+++ b/nts_ntp_client.c
@@ -353,6 +353,23 @@ NNC_GenerateRequestAuth(NNC_Instance inst, NTP_Packet *packet,
 
 /* ================================================== */
 
+static int
+parse_encrypted_efs(NNC_Instance inst, unsigned char *plaintext, int length)
+{
+ int ef_length, parsed;
+
+ for (parsed = 0; parsed < length; parsed += ef_length) {
+ if (!NEF_ParseSingleField(plaintext, length, parsed, &ef_length, NULL, NULL, NULL)) {
+ DEBUG_LOG("Could not parse encrypted EF");
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+/* ================================================== */
+
 static int
 extract_cookies(NNC_Instance inst, unsigned char *plaintext, int length)
 {
@@ -363,10 +380,8 @@ extract_cookies(NNC_Instance inst, unsigned char *plaintext, int length)
 
 for (parsed = 0; parsed < length; parsed += ef_length) {
 if (!NEF_ParseSingleField(plaintext, length, parsed,
- &ef_length, &ef_type, &ef_body, &ef_body_length)) {
- DEBUG_LOG("Could not parse encrypted EF");
+ &ef_length, &ef_type, &ef_body, &ef_body_length))
 return 0;
- }
 
 if (ef_type != NTP_EF_NTS_COOKIE)
 continue;
@@ -449,6 +464,9 @@ NNC_CheckResponseAuth(NNC_Instance inst, NTP_Packet *packet,
 plaintext, sizeof (plaintext), &plaintext_length))
 return 0;
 
+ if (!parse_encrypted_efs(inst, plaintext, plaintext_length))
+ return 0;
+
 has_valid_auth = 1;
 break;
 default:
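Review bot: `parse_encrypted_efs()` takes `inst` but never reads it, and the new function has no comment saying that it is a validation-only pass over the decrypted response data. Its loop advances with `parsed += ef_length`, so it terminates only if NEF_ParseSingleField() never reports success with a zero or negative `ef_length`; that contract is not visible in this hunk and is worth stating where the loop depends on it. I would add a header comment such as `/* Check that every encrypted EF parses before any cookie is saved; relies on NEF_ParseSingleField() returning a positive length on success */`, and either drop the unused parameter or note why it is kept.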
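Review bot: With the `DEBUG_LOG` removed, a parse failure inside the `extract_cookies()` loop now returns 0 without leaving any trace. If that branch is meant to be unreachable because parse_encrypted_efs() has already walked the same buffer in NNC_CheckResponseAuth(), say so at the check, e.g. `/* Already validated by parse_encrypted_efs(); kept as a defensive check */`. The call to extract_cookies() is not part of this patch, so that ordering is an assumption to confirm. The part of the loop body that stores the cookies lies outside the hunk.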