Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Capped buffer expansion #259

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Capped buffer expansion #259

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8132324
Update test to verify exception
CrspyAu Dec 12, 2024
0982e2e
Add CappedMemoryStream
CrspyAu Dec 12, 2024
88d4a56
Add CappedMemoryStream
CrspyAu Dec 12, 2024
8cf59d9
Create exception type for capacity exceeded
CrspyAu Dec 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 5 additions & 12 deletions UnitTests/SecurityVulnerabilitiesTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ public void InvalidCurveAttack(string keyImplementation)
byte[] y = Base64Url.Decode("e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck");
byte[] d = Base64Url.Decode("VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw");

var privateKey = keyImplementation == "CNG" ? (object) EccKey.New(x, y, d, usage: CngKeyUsages.KeyAgreement) : EcdhKey.New(x, y, d) ;
var privateKey = keyImplementation == "CNG" ? (object)EccKey.New(x, y, d, usage: CngKeyUsages.KeyAgreement) : EcdhKey.New(x, y, d);

//JWT encrypted with attacker private key, which is equals to (reciever_pk mod 113)
var attackMod113 =
Expand Down Expand Up @@ -171,7 +171,7 @@ public void BitLengthIntegerOverflow()
}
}

[Fact]
[Fact]
public void DeflateBomb()
{
// given
Expand All @@ -197,15 +197,8 @@ public void DeflateBomb()
string bomb = Jose.JWT.Encode(payload, publicKey, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM, JweCompression.DEF);

// when
try
{
string decoded = Jose.JWT.Decode(bomb, privateKey, JwsAlgorithm.RS256);
Assert.True(false, "Should fail with NotSupportedException");
}
catch (JoseException e)
{
Console.Out.WriteLine(e.ToString());
}
Exception thrownException = Assert.Throws<JoseException>(() => Jose.JWT.Decode(bomb, privateKey));
Assert.IsType<NotSupportedException>(thrownException.InnerException);
}

[Fact]
Expand All @@ -217,7 +210,7 @@ public void TruncatedGcmAuthTag()
try
{
// when decrypt token with trunated AES GCM tag, it should fail
Jose.JWT.Decode(token, aes128Key);
Jose.JWT.Decode(token, aes128Key);
Assert.True(false, "Should fail with IntegrityException");

}
Expand Down
34 changes: 34 additions & 0 deletions jose-jwt/compression/CappedMemoryStream.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
using System;
using System.IO;

namespace Jose;

public class CappedMemoryStream : MemoryStream
{
private readonly long maxCapacity;

public CappedMemoryStream(long maxCapacity)
{
this.maxCapacity = maxCapacity;
}

public override void Write(byte[] buffer, int offset, int count)
{
if (Length + Math.Min(count, buffer.Length - offset) > maxCapacity)
{
throw new NotSupportedException("Exceeding maximum memory stream size.");
}

base.Write(buffer, offset, count);
}

public override void WriteByte(byte value)
{
if (Length + 1 > maxCapacity)
{
throw new NotSupportedException("Exceeding maximum memory stream size.");
}

base.WriteByte(value);
}
}
12 changes: 5 additions & 7 deletions jose-jwt/compression/DeflateCompression.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,24 +28,22 @@ public byte[] Compress(byte[] plainText)

public byte[] Decompress(byte[] compressedText)
{
byte[] buffer = new byte[maxBufferSizeBytes];

try
{
using (MemoryStream ms = new MemoryStream(buffer))
using (MemoryStream ms = new CappedMemoryStream(maxBufferSizeBytes))
{
using (MemoryStream compressedStream = new MemoryStream(compressedText))
{
using (DeflateStream deflater = new DeflateStream(compressedStream, CompressionMode.Decompress))
{
deflater.CopyTo(ms);
}
}
return Arrays.Truncate(ms.ToArray(), ms.Position);
}

return ms.ToArray();
}
}
catch(NotSupportedException e)
catch (NotSupportedException e)
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

may be we can now replace to some better exception? Like JoseException of subclass ?

{
throw new JoseException("Unable to deflate compressed payload, most likely exceeded decompression buffer size.", e);
}
Expand Down