LibTLS: Do not process_message() the finished message twice

With two different sequence numbers to boot! Fixes #3273
Author: https://github.com/alimpfard Commit: https://github.com/SerenityOS/serenity/commit/0be3937be7b Pull-request: https://github.com/SerenityOS/serenity/pull/3278 Issue: https://github.com/SerenityOS/serenity/issues/3273
2025-01-23 09:46:04 -05:00 · 2020-08-24 06:48:40 +04:30 · 2020-08-24 06:48:40 +04:30 · 0be3937be7 · 2024-07-19 03:13:57 +09:00
commit 0be3937be7
parent 7a2b5d1328
2 changed files with 6 additions and 5 deletions
--- a/Libraries/LibTLS/ClientHandshake.cpp
+++ b/Libraries/LibTLS/ClientHandshake.cpp
@ -216,7 +216,6 @@ ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& writ
    size_t index = 3;

    u32 size = buffer[0] * 0x10000 + buffer[1] * 0x100 + buffer[2];
-    index += 3;

    if (size < 12) {
 #ifdef TLS_DEBUG
@ -248,7 +247,7 @@ ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& writ
    if (on_tls_ready_to_write)
        on_tls_ready_to_write(*this);

-    return handle_message(buffer);
+    return index + size;
 }

 void TLSv12::build_random(PacketBuilder& builder)
--- a/Libraries/LibTLS/Record.cpp
+++ b/Libraries/LibTLS/Record.cpp
@ -233,11 +233,13 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
            return (i8)Error::BrokenPacket;
        }

-        const u8* message_hmac = decrypted_span.offset(length - mac_size);
+        length -= mac_size;
+
+        const u8* message_hmac = decrypted_span.offset(length);
        u8 temp_buf[5];
        memcpy(temp_buf, buffer.offset_pointer(0), 3);
        *(u16*)(temp_buf + 3) = convert_between_host_and_network(length);
-        auto hmac = hmac_message({ temp_buf, 5 }, decrypted_span, mac_size);
+        auto hmac = hmac_message({ temp_buf, 5 }, decrypted_span.slice(0, length), mac_size);
        auto message_mac = ByteBuffer::wrap(const_cast<u8*>(message_hmac), mac_size);
        if (hmac != message_mac) {
            dbg() << "integrity check failed (mac length " << length << ")";
@ -250,7 +252,7 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)

            return (i8)Error::IntegrityCheckFailed;
        }
-        plain = decrypted.slice(0, length - mac_size);
+        plain = decrypted.slice(0, length);
    }
    m_context.remote_sequence_number++;