Merge pull request openwsn-berkeley#169 from geonnave/make-parse-cred…

…-safe Make parse_cred safe
geonnave · Dec 8, 2023 · 3bffb95 · 3bffb95
2 parents 2e5e9aa + c37e409
commit 3bffb95
Showing 1 changed file with 24 additions and 10 deletions.
diff --git a/consts/src/lib.rs b/consts/src/lib.rs
@@ -369,16 +369,30 @@ mod helpers {
         {
             Err(EDHOCError::ParsingError)
         } else {
-            let subject_len = (cred[2] - CBOR_MAJOR_TEXT_STRING) as usize;
-            let id_cred_offset: usize = CCS_PREFIX_LEN + subject_len + CNF_AND_COSE_KEY_PREFIX_LEN;
-            let g_a_x_offset: usize = id_cred_offset + COSE_KEY_FIRST_ITEMS_LEN;
-
-            Ok((
-                cred[g_a_x_offset..g_a_x_offset + P256_ELEM_LEN]
-                    .try_into()
-                    .expect("Wrong key length"),
-                cred[id_cred_offset],
-            ))
+            let subject_len = CBORDecoder::info_of(cred[2]) as usize;
+
+            let id_cred_offset: usize = CCS_PREFIX_LEN
+                .checked_add(subject_len)
+                .and_then(|x| x.checked_add(CNF_AND_COSE_KEY_PREFIX_LEN))
+                .ok_or(EDHOCError::ParsingError)?;
+
+            let g_a_x_offset: usize = id_cred_offset
+                .checked_add(COSE_KEY_FIRST_ITEMS_LEN)
+                .ok_or(EDHOCError::ParsingError)?;
+
+            if g_a_x_offset
+                .checked_add(P256_ELEM_LEN)
+                .map_or(false, |end| end <= cred.len())
+            {
+                Ok((
+                    cred[g_a_x_offset..g_a_x_offset + P256_ELEM_LEN]
+                        .try_into()
+                        .expect("Wrong key length"),
+                    cred[id_cred_offset],
+                ))
+            } else {
+                Err(EDHOCError::ParsingError)
+            }
         }
     }