From 0be3937be7b7bcded9cc1473b6c33ae975fe1adb Mon Sep 17 00:00:00 2001 From: AnotherTest Date: Mon, 24 Aug 2020 06:48:40 +0430 Subject: [PATCH] LibTLS: Do not process_message() the finished message twice With two different sequence numbers to boot! Fixes #3273 --- Libraries/LibTLS/ClientHandshake.cpp | 3 +-- Libraries/LibTLS/Record.cpp | 8 +++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Libraries/LibTLS/ClientHandshake.cpp b/Libraries/LibTLS/ClientHandshake.cpp index 52389f0e0f7..8b4bc28fa03 100644 --- a/Libraries/LibTLS/ClientHandshake.cpp +++ b/Libraries/LibTLS/ClientHandshake.cpp @@ -216,7 +216,6 @@ ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& writ size_t index = 3; u32 size = buffer[0] * 0x10000 + buffer[1] * 0x100 + buffer[2]; - index += 3; if (size < 12) { #ifdef TLS_DEBUG @@ -248,7 +247,7 @@ ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& writ if (on_tls_ready_to_write) on_tls_ready_to_write(*this); - return handle_message(buffer); + return index + size; } void TLSv12::build_random(PacketBuilder& builder) diff --git a/Libraries/LibTLS/Record.cpp b/Libraries/LibTLS/Record.cpp index ba9cb231345..3d468778dc9 100644 --- a/Libraries/LibTLS/Record.cpp +++ b/Libraries/LibTLS/Record.cpp @@ -233,11 +233,13 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer) return (i8)Error::BrokenPacket; } - const u8* message_hmac = decrypted_span.offset(length - mac_size); + length -= mac_size; + + const u8* message_hmac = decrypted_span.offset(length); u8 temp_buf[5]; memcpy(temp_buf, buffer.offset_pointer(0), 3); *(u16*)(temp_buf + 3) = convert_between_host_and_network(length); - auto hmac = hmac_message({ temp_buf, 5 }, decrypted_span, mac_size); + auto hmac = hmac_message({ temp_buf, 5 }, decrypted_span.slice(0, length), mac_size); auto message_mac = ByteBuffer::wrap(const_cast(message_hmac), mac_size); if (hmac != message_mac) { dbg() << "integrity check failed (mac length " << length << ")"; @@ -250,7 +252,7 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer) return (i8)Error::IntegrityCheckFailed; } - plain = decrypted.slice(0, length - mac_size); + plain = decrypted.slice(0, length); } m_context.remote_sequence_number++;