Merge pull request #495 from tlsfuzzer/ccs-fix

tomato42 · web-flow · commit 3657285285f2 · 2023-07-31T15:52:13.000+02:00
detect malformed CCS messages
diff --git a/tlslite/messages.py b/tlslite/messages.py
@@ -1898,6 +1898,8 @@ def parse(self, p):
         p.setLengthCheck(1)
         self.type = p.get(1)
         p.stopLengthCheck()
+        if p.getRemainingLength():
+            raise DecodeError("Multi-byte CCS message")
         return self
 
     def write(self):
diff --git a/unit_tests/test_tlslite_messages.py b/unit_tests/test_tlslite_messages.py
@@ -3278,6 +3278,14 @@ def test_parse(self):
         self.assertIsInstance(ccs, ChangeCipherSpec)
         self.assertEqual(ccs.type, 1)
 
+    def test_parse_wrong_size(self):
+        parser = Parser(bytearray(b'\x01\x01'))
+
+        ccs = ChangeCipherSpec()
+
+        with self.assertRaises(SyntaxError):
+            ccs.parse(parser)
+
 
 class TestNextProtocol(unittest.TestCase):
     def test___init__(self):
