Fail to parse ClientHello if the TLS record layer Content Type and versions are wrong

Andy Wang 2019-08-17 00:35:28 +01:00
parent 0e0a3314c9
commit 57255fdeb2
2 changed files with 9 additions and 0 deletions


@ -104,6 +104,10 @@ func parseClientHello(data []byte) (ret *ClientHello, err error) {
} }
}() }()
if !bytes.Equal(data[0:3], []byte{0x16, 0x03, 0x01}) {
return ret, errors.New("wrong TLS handshake magic bytes")
}
peeled := make([]byte, len(data)-5) peeled := make([]byte, len(data)-5)
copy(peeled, data[5:]) copy(peeled, data[5:])
pointer := 0 pointer := 0
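Review bot: `data[0:3]` in the added check is sliced with no length test before it, so an input shorter than three bytes panics here, and one shorter than five panics at `make([]byte, len(data)-5)` just below. The deferred closure that ends right above the hunk presumably recovers and converts the panic into an error, but it starts outside the hunk, so that cannot be confirmed from here. For bytes read straight off the network, an explicit bound is easier to audit than a recover. I would write the guard as `if len(data) < 5 || !bytes.Equal(data[0:3], []byte{0x16, 0x03, 0x01}) {`. Separately, the record version is pinned to 0x0301 while RFC 8446 also permits 0x0303 on an initial ClientHello, so a comment such as `// only record version 0x0301 is accepted; anything else is rejected` would document the intent.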


@ -12,9 +12,11 @@ func TestParseClientHello(t *testing.T) {
ch, err := parseClientHello(chBytes) ch, err := parseClientHello(chBytes)
if err != nil { if err != nil {
t.Errorf("Expecting no error, got %v", err) t.Errorf("Expecting no error, got %v", err)
return
} }
if !bytes.Equal(ch.clientVersion, []byte{0x03, 0x03}) { if !bytes.Equal(ch.clientVersion, []byte{0x03, 0x03}) {
t.Errorf("expecting client version 0x0303, got %v", ch.clientVersion) t.Errorf("expecting client version 0x0303, got %v", ch.clientVersion)
return
} }
}) })
t.Run("Malformed ClientHello", func(t *testing.T) { t.Run("Malformed ClientHello", func(t *testing.T) {
@ -22,6 +24,7 @@ func TestParseClientHello(t *testing.T) {
_, err := parseClientHello(chBytes) _, err := parseClientHello(chBytes)
if err == nil { if err == nil {
t.Error("expecting Malformed ClientHello, got no error") t.Error("expecting Malformed ClientHello, got no error")
return
} }
}) })
t.Run("not Handshake", func(t *testing.T) { t.Run("not Handshake", func(t *testing.T) {
@ -29,6 +32,7 @@ func TestParseClientHello(t *testing.T) {
_, err := parseClientHello(chBytes) _, err := parseClientHello(chBytes)
if err == nil { if err == nil {
t.Error("not a tls handshake, got no error") t.Error("not a tls handshake, got no error")
return
} }
}) })
t.Run("wrong version", func(t *testing.T) { t.Run("wrong version", func(t *testing.T) {
@ -36,6 +40,7 @@ func TestParseClientHello(t *testing.T) {
_, err := parseClientHello(chBytes) _, err := parseClientHello(chBytes)
if err == nil { if err == nil {
t.Error("wrong version, got no error") t.Error("wrong version, got no error")
return
} }
}) })
} }
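Review bot: The "not Handshake" and "wrong version" subtests only assert that `err` is non-nil, so they would still pass if parseClientHello rejected the input for an unrelated reason (for example through a panic-recovery path) and they do not pin the new record-header check. Comparing against the specific error would tie each case to the check it exercises, e.g. a package-level `var errBadRecordHeader = errors.New("wrong TLS handshake magic bytes")` (name suggested here) tested with `if err != errBadRecordHeader {`. The `return` statements added after `t.Error` at the end of those closures have no effect, and `t.Fatalf` in the first subtest would express the early exit that protects the `ch.clientVersion` dereference. The `chBytes` fixtures are assigned outside the visible hunks, so what each case actually feeds the parser cannot be checked from here.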