diff options
| author | Kenny Root <kenny@the-b.org> | 2015-12-25 20:16:23 -0600 |
|---|---|---|
| committer | Kenny Root <kenny@the-b.org> | 2015-12-25 20:30:55 -0600 |
| commit | 1bd5343e71b7ebd09aabaebba282227a7786e5ba (patch) | |
| tree | 19abd9c56bcf658286b1db7739c760627c93dd2e | |
| parent | 39aef25501455b50fff7e0cb3ddf5399ab4bfc29 (diff) | |
| download | sshlib-1bd5343e71b7ebd09aabaebba282227a7786e5ba.tar.gz sshlib-1bd5343e71b7ebd09aabaebba282227a7786e5ba.tar.bz2 sshlib-1bd5343e71b7ebd09aabaebba282227a7786e5ba.zip | |
Add length check with test
| -rw-r--r-- | sshlib/build.gradle | 2 | ||||
| -rw-r--r-- | sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java | 8 | ||||
| -rw-r--r-- | sshlib/src/test/java/com/trilead/ssh2/crypto/SimpleDERReaderTest.java | 67 |
3 files changed, 76 insertions, 1 deletions
diff --git a/sshlib/build.gradle b/sshlib/build.gradle index e22fe39..d43c56e 100644 --- a/sshlib/build.gradle +++ b/sshlib/build.gradle @@ -15,4 +15,6 @@ dependencies { compile fileTree(dir: 'libs', include: ['*.jar']) compile 'com.jcraft:jzlib:1.1.3' compile 'org.connectbot:simplesocks:1.0.1' + + testCompile 'junit:junit:4.12' } diff --git a/sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java b/sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java index ff8112a..beca5f7 100644 --- a/sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java +++ b/sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java @@ -68,7 +68,8 @@ public class SimpleDERReader return count; } - private int readLength() throws IOException + /* visible for testing */ + int readLength() throws IOException { int len = readByte() & 0xff; @@ -79,6 +80,8 @@ public class SimpleDERReader if (remain == 0) return -1; + else if (remain > 4) + return -1; len = 0; @@ -89,6 +92,9 @@ public class SimpleDERReader remain--; } + if (len < 0) + return -1; + return len; } diff --git a/sshlib/src/test/java/com/trilead/ssh2/crypto/SimpleDERReaderTest.java b/sshlib/src/test/java/com/trilead/ssh2/crypto/SimpleDERReaderTest.java new file mode 100644 index 0000000..3eaec20 --- /dev/null +++ b/sshlib/src/test/java/com/trilead/ssh2/crypto/SimpleDERReaderTest.java @@ -0,0 +1,67 @@ +package com.trilead.ssh2.crypto; + +import org.junit.Test; + +import java.io.IOException; + +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; + +/** + * Created by kenny on 12/25/15. + */ +public class SimpleDERReaderTest { + @Test + public void readLength_Extended_OverlyLongLength() throws Exception { + byte[] vector = new byte[] { + (byte) 0x85, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF + }; + SimpleDERReader reader = new SimpleDERReader(vector); + assertEquals(-1, reader.readLength()); + } + + @Test + public void readLength_Extended_TooLongForInt() throws Exception { + byte[] vector = new byte[] { + (byte) 0x84, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF + }; + SimpleDERReader reader = new SimpleDERReader(vector); + assertEquals(-1, reader.readLength()); + } + + @Test + public void readLength_Extended_Zero() throws Exception { + byte[] vector = new byte[] { + (byte) 0x80, (byte) 0x01 + }; + SimpleDERReader reader = new SimpleDERReader(vector); + assertEquals(-1, reader.readLength()); + } + + @Test + public void readLength_Extended_Valid() throws Exception { + byte[] vector = new byte[] { + (byte) 0x82, (byte) 0x05, (byte) 0xFF + }; + SimpleDERReader reader = new SimpleDERReader(vector); + assertEquals(0x5FF, reader.readLength()); + } + + @Test + public void readLength_Short_Zero() throws Exception { + byte[] vector = new byte[] { + (byte) 0x00 + }; + SimpleDERReader reader = new SimpleDERReader(vector); + assertEquals(0, reader.readLength()); + } + + @Test + public void readLength_Short_Regular() throws Exception { + byte[] vector = new byte[] { + (byte) 0x09 + }; + SimpleDERReader reader = new SimpleDERReader(vector); + assertEquals(9, reader.readLength()); + } +}
\ No newline at end of file |