Merge 934a8e6 into 807a3db

tlsfuzzer · Feb 6, 2020 · 82ec607 · 82ec607
2 parents 807a3db + 934a8e6
commit 82ec607
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/tlslite/messages.py b/tlslite/messages.py
@@ -1171,7 +1171,10 @@ def _parse_tls12(self, p):
             while index != chainLength:
                 certBytes = p.getVarBytes(3)
                 x509 = X509()
-                x509.parseBinary(certBytes)
+                try:
+                    x509.parseBinary(certBytes)
+                except SyntaxError:
+                    raise BadCertificateError("Certificate could not be parsed")
                 certificate_list.append(x509)
                 index += len(certBytes)+3
             if certificate_list:

diff --git a/tlslite/tlsrecordlayer.py b/tlslite/tlsrecordlayer.py
@@ -17,7 +17,7 @@
 
 from .utils.compat import *
 from .utils.cryptomath import *
-from .utils.codec import Parser
+from .utils.codec import Parser, BadCertificateError
 from .utils.lists import to_str_delimiter, getFirstMatching
 from .errors import *
 from .messages import *
@@ -1201,9 +1201,13 @@ def _getMsg(self, expectedType, secondaryType=None, constructorType=None):
                     raise AssertionError()
 
         #If an exception was raised by a Parser or Message instance:
+        except BadCertificateError as e:
+            for result in self._sendError(AlertDescription.bad_certificate,
+                                          formatExceptionTrace(e)):
+                yield result
         except SyntaxError as e:
             for result in self._sendError(AlertDescription.decode_error,
-                                         formatExceptionTrace(e)):
+                                          formatExceptionTrace(e)):
                 yield result
 
     #Returns next record or next handshake message

diff --git a/tlslite/utils/codec.py b/tlslite/utils/codec.py
@@ -15,6 +15,11 @@ class DecodeError(SyntaxError):
     pass
 
 
+class BadCertificateError(SyntaxError):
+    """Exception raised in case of bad certificate."""
+    pass
+
+
 class Writer(object):
     """Serialisation helper for complex byte-based structures."""