nts: don't allow malformed encrypted extension fields

Require data decrypted from the NTS authenticator field to contain correctly formatted extension fields (known or unknown).
2025-12-03 17:35:06 -05:00 · 2020-07-20 13:38:22 +02:00
parent 77bd0f83fe
commit fd8fbcd090
2 changed files with 8 additions and 4 deletions
--- a/nts_ntp_client.c
+++ b/nts_ntp_client.c
@@ -352,8 +352,10 @@ extract_cookies(NNC_Instance inst, unsigned char *plaintext, int length)

  for (parsed = 0; parsed < length; parsed += ef_length) {
    if (!NEF_ParseSingleField(plaintext, length, parsed,
-                              &ef_length, &ef_type, &ef_body, &ef_body_length))
-      break;
+                              &ef_length, &ef_type, &ef_body, &ef_body_length)) {
+      DEBUG_LOG("Could not parse encrypted EF");
+      return 0;
+    }

    if (ef_type != NTP_EF_NTS_COOKIE)
      continue;
--- a/nts_ntp_server.c
+++ b/nts_ntp_server.c
@@ -176,8 +176,10 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod)

  for (parsed = 0; parsed < plaintext_length; parsed += ef_length) {
    if (!NEF_ParseSingleField(plaintext, plaintext_length, parsed,
-                              &ef_length, &ef_type, &ef_body, &ef_body_length))
-      break;
+                              &ef_length, &ef_type, &ef_body, &ef_body_length)) {
+      DEBUG_LOG("Could not parse encrypted EF");
+      return 0;
+    }

    switch (ef_type) {
      case NTP_EF_NTS_COOKIE_PLACEHOLDER: