Comments (3)
It was decided that, for now, the size field given in the header should match the size of the header in the 1.0 wire protocol format, as a measure of safety.
If the magic number given is correct, we should however always read the number of bytes given in the header for the rest of the request header and then check if that number is correct. If it is correct, we can then deserialize the header.
It is the following change:
diff --git a/src/requests/request/request_header.rs b/src/requests/request/request_header.rs
index 2829679..c41f527 100644
--- a/src/requests/request/request_header.rs
+++ b/src/requests/request/request_header.rs
@@ -91,11 +91,16 @@ impl RawRequestHeader {
pub fn read_from_stream<R: Read>(mut stream: &mut R) -> Result<RawRequestHeader> {
let magic_number = get_from_stream!(stream, u32);
let hdr_size = get_from_stream!(stream, u16);
- if magic_number != MAGIC_NUMBER || hdr_size != REQUEST_HDR_SIZE {
+ if magic_number != MAGIC_NUMBER {
+ error!("The magic number ({}) in the request is incorrect.", magic_number);
return Err(ResponseStatus::InvalidHeader);
}
let mut bytes = vec![0_u8; usize::try_from(hdr_size)?];
stream.read_exact(&mut bytes)?;
+ if hdr_size != REQUEST_HDR_SIZE {
+ error!("The header size ({}) in the request is incorrect.", hdr_size);
+ return Err(ResponseStatus::InvalidHeader);
+ }
let raw_request: RawRequestHeader = bincode::deserialize(&bytes)?;
if raw_request.version_maj != 1 || raw_request.version_min != 0 {
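Review bot: The `hdr_size != REQUEST_HDR_SIZE` check now runs after `stream.read_exact(&mut bytes)`, so a request with a correct magic number and a wrong size field makes the server allocate and wait for up to 65535 bytes (the `u16` maximum) before it is rejected. That matches the intent stated in the comment above, but it means a peer that declares a large size and sends fewer bytes keeps this call blocked until the stream errors or times out, and no timeout is visible in this hunk. Please confirm the caller sets a read timeout on the stream, and add a short comment above the `vec![0_u8; ...]` line saying that the read before validation is deliberate. Note also that only the header bytes are consumed on this error path; any body the client sent stays in the stream, which is worth stating if the connection is reused after `InvalidHeader`. Minor: the magic number is logged in decimal with `{}`; a hex format would be easier to compare against `MAGIC_NUMBER`.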
from parsec.
And similar changes for the responses!
from parsec.
Fixed as per linked PR.
from parsec.