oscore: Small bug fixes.

- Rename Key ID Context header field. - Account for ID Context in max info length calculation. Change-Id: I6f61055dba74294ace275eb852e34ea6caa32627 Reviewed-on: https://code.wireshark.org/review/37642 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-06-04 13:30:11 +02:00 · 2020-06-04 13:30:11 +02:00 · ff4296a1fe
parent 916550de96
commit ff4296a1fe
2 changed files with 9 additions and 3 deletions
--- a/epan/dissectors/packet-coap.h
+++ b/epan/dissectors/packet-coap.h
@ -289,7 +289,7 @@ coap_common_dissect_t name = {							\
 	    NULL, HFILL }							\
 	},									\
 	{ & name .hf.opt_object_security_kid_context,				\
-	  { "Partial IV",  prefix ".opt.object_security_kid_context",		\
+	  { "Key ID Context",  prefix ".opt.object_security_kid_context",	\
 	    FT_BYTES, BASE_NONE, NULL, 0x00,					\
 	    NULL, HFILL }							\
 	},									\
--- a/epan/dissectors/packet-oscore.c
+++ b/epan/dissectors/packet-oscore.c
@ -93,11 +93,13 @@ UAT_VS_DEF(oscore_context_uat, algorithm, oscore_context_t, cose_aead_alg_t, COS
 #define OSCORE_PIV_MAX_LEN              5 /* upper bound specified in the draft */
 #define OSCORE_KID_MAX_LEN_CCM_STAR     7 /* upper bound on KID for AES-CCM-16-64-128 (CCM*) */
 #define OSCORE_KID_MAX_LEN              OSCORE_KID_MAX_LEN_CCM_STAR /* upper bound on KID coming from the default algorithm implemented */
+#define OSCORE_KID_CONTEXT_MAX_LEN      64

 /* Helper macros to correctly size the statically allocated buffers and verify if an overflow occured */

 #define OSCORE_INFO_MAX_LEN             (1 + /* max return of cborencoder_put_array() */             \
                                        2 + OSCORE_KID_MAX_LEN + /* max 2 to encode length, KID following */ \
+                                        2 + OSCORE_KID_CONTEXT_MAX_LEN + /* length + KID CONTEXT */ \
                                        2 + /* max return of cborencoder_put_unsigned() */          \
                                        2 + 3 + /* max 2 to encode length, "Key" following */       \
                                        2 /* max return of cborencoder_put_unsigned() */            )
@ -217,14 +219,18 @@ static gboolean oscore_context_update_cb(void *r, char **err) {
        return FALSE;
    }

-    /* No max length check on ID Context. We use GByteArray to allocate memory
-     * and pass it to the context derivation routine */
    if (hex_str_to_bytes(rec->id_context_prefs, bytes, FALSE) == FALSE) {
        *err = g_strdup("ID Context is invalid.");
        g_byte_array_free(bytes, TRUE);
        return FALSE;
    }

+    if (bytes->len > OSCORE_KID_CONTEXT_MAX_LEN) {
+        *err = g_strdup_printf("Should be %u bytes or less.", OSCORE_KID_CONTEXT_MAX_LEN);
+        g_byte_array_free(bytes, TRUE);
+        return FALSE;
+    }
+
    if (hex_str_to_bytes(rec->master_secret_prefs, bytes, FALSE) == FALSE) {
        *err = g_strdup("Master Secret is invalid.");
        g_byte_array_free(bytes, TRUE);