Fix corruption of certain packets containing invalid TLS extension fields (#4554)

* Fix corruption of certain packets with invalid TLS extension fields * Use idioms --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com>
2024-10-14 21:33:55 +02:00 · 2024-10-14 21:33:55 +02:00 · 4a66706fbb
parent b9aebbef8f
commit 4a66706fbb
2 changed files with 7 additions and 0 deletions
--- a/scapy/layers/tls/extensions.py
+++ b/scapy/layers/tls/extensions.py
@ -843,4 +843,6 @@ class _ExtensionsField(StrLenField):
                cls = _tls_ext_early_data_cls.get(pkt.msgtype, TLS_Ext_Unknown)
            res.append(cls(m[:tmp_len + 4], tls_session=pkt.tls_session))
            m = m[tmp_len + 4:]
+        if m:
+            res.append(conf.raw_layer(m))
        return res
--- a/test/scapy/layers/tls/tls.uts
+++ b/test/scapy/layers/tls/tls.uts
@ -1561,6 +1561,11 @@ data = '1603031616020000660303602161b58e22f4966f18f9aa6afd5759f343935ed437cf09c5
 pkt = TLS(bytes.fromhex(data))
 assert [type(x) for x in pkt.msg] == [TLSServerHello, TLSCertificate, TLSCertificateStatus, TLSServerKeyExchange, TLSServerHelloDone]

+= Issue 3853
+data = hex_bytes("16030300360200002e030342615f0b32366c85b5de265ec99fd68c59079d9783dc2f547592fe12f4ab3fde00c02c000015ff01000100000e000000")
+tls_packet = TLS(data)
+assert raw(tls_packet) == data
+
 ###############################################################################
 ############################ Automaton behaviour ##############################
 ###############################################################################