crypto/tls: fix first byte test for 255 CBC padding bytes

The BadCBCPadding255 test from bogo failed because at most 255 trailing bytes were checked, but for a padding of 255 there are 255 padding bytes plus 1 length byte with value 255. Change-Id: I7dd237c013d2c7c8599067246e31b7ba93106cf7 Reviewed-on: https://go-review.googlesource.com/68070 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-10-04 13:44:34 +01:00 · 2017-10-04 13:44:34 +01:00 · 8ae95fd882
commit 8ae95fd882
parent 8251c0f791
2 changed files with 16 additions and 3 deletions
--- a/conn.go
+++ b/conn.go
@ -213,10 +213,11 @@ func extractPadding(payload []byte) (toRemove int, good byte) {
 	// if len(payload) >= (paddingLen - 1) then the MSB of t is zero
 	good = byte(int32(^t) >> 31)
-	toCheck := 255 // the maximum possible padding length
+	// The maximum possible padding length plus the actual length field
 	toCheck := 256
 	// The length of the padded data is public, so we can use an if here
-	if toCheck+1 > len(payload) {
+	if toCheck > len(payload) {
-		toCheck = len(payload) - 1
+		toCheck = len(payload)
 	}
 	for i := 0; i < toCheck; i++ {
--- a/conn_test.go
+++ b/conn_test.go
@ -21,6 +21,12 @@ func TestRoundUp(t *testing.T) {
 	}
 }
 // will be initialized with {0, 255, 255, ..., 255}
 var padding255Bad = [256]byte{}
 // will be initialized with {255, 255, 255, ..., 255}
 var padding255Good = [256]byte{255}
 var paddingTests = []struct {
 	in          []byte
 	good        bool
@ -36,9 +42,15 @@ var paddingTests = []struct {
 	{[]byte{1, 4, 4, 4, 4, 4}, true, 1},
 	{[]byte{5, 5, 5, 5, 5, 5}, true, 0},
 	{[]byte{6, 6, 6, 6, 6, 6}, false, 0},
 	{padding255Bad[:], false, 0},
 	{padding255Good[:], true, 0},
 }
 func TestRemovePadding(t *testing.T) {
 	for i := 1; i < len(padding255Bad); i++ {
 		padding255Bad[i] = 255
 		padding255Good[i] = 255
 	}
 	for i, test := range paddingTests {
 		paddingLen, good := extractPadding(test.in)
 		expectedGood := byte(255)