nts: don't allow malformed encrypted extension fields

Require data decrypted from the NTS authenticator field to contain
correctly formatted extension fields (known or unknown).

diff --git a/nts_ntp_client.c b/nts_ntp_client.c
index 7ac6690278335b557c38ac43a8171ba0b3708fb2..31c0960d4500679a392b1c9ca325733045d9ef1c 100644 (file)
--- a/nts_ntp_client.c
+++ b/nts_ntp_client.c
@@ -352,8 +352,10 @@ extract_cookies(NNC_Instance inst, unsigned char *plaintext, int length)
 
   for (parsed = 0; parsed < length; parsed += ef_length) {
     if (!NEF_ParseSingleField(plaintext, length, parsed,
-                              &ef_length, &ef_type, &ef_body, &ef_body_length))
-      break;
+                              &ef_length, &ef_type, &ef_body, &ef_body_length)) {
+      DEBUG_LOG("Could not parse encrypted EF");
+      return 0;
+    }
 
     if (ef_type != NTP_EF_NTS_COOKIE)
       continue;

diff --git a/nts_ntp_server.c b/nts_ntp_server.c
index c0d3e06e4408e4482803154ab51c84721068cffb..6ab8fb90e18102d17ebae1468476fea32e4c406b 100644 (file)
--- a/nts_ntp_server.c
+++ b/nts_ntp_server.c
@@ -176,8 +176,10 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod)
 
   for (parsed = 0; parsed < plaintext_length; parsed += ef_length) {
     if (!NEF_ParseSingleField(plaintext, plaintext_length, parsed,
-                              &ef_length, &ef_type, &ef_body, &ef_body_length))
-      break;
+                              &ef_length, &ef_type, &ef_body, &ef_body_length)) {
+      DEBUG_LOG("Could not parse encrypted EF");
+      return 0;
+    }
 
     switch (ef_type) {
       case NTP_EF_NTS_COOKIE_PLACEHOLDER: