diff --git a/libfprint/drivers/validity/validity_tls.c b/libfprint/drivers/validity/validity_tls.c index 10a3d139..f760df48 100644 --- a/libfprint/drivers/validity/validity_tls.c +++ b/libfprint/drivers/validity/validity_tls.c @@ -325,7 +325,7 @@ validity_tls_decrypt (ValidityTlsState *tls, gsize *out_len, GError **error) { - if (ciphertext_len < TLS_IV_SIZE + TLS_AES_BLOCK_SIZE) + if (!ciphertext || ciphertext_len < TLS_IV_SIZE + TLS_AES_BLOCK_SIZE) { g_set_error (error, FP_DEVICE_ERROR, FP_DEVICE_ERROR_PROTO, "TLS ciphertext too short"); @@ -1072,7 +1072,12 @@ validity_tls_parse_server_hello (ValidityTlsState *tls, { /* Parse handshake messages within this record */ const guint8 *rec_body = NULL; - fpi_byte_reader_get_data (&r, rec_len, &rec_body); + if (!fpi_byte_reader_get_data (&r, rec_len, &rec_body) || !rec_body) + { + g_set_error (error, FP_DEVICE_ERROR, FP_DEVICE_ERROR_PROTO, + "TLS ServerHello: failed to read record body"); + return FALSE; + } FpiByteReader hs_r; fpi_byte_reader_init (&hs_r, rec_body, rec_len); @@ -1093,7 +1098,12 @@ validity_tls_parse_server_hello (ValidityTlsState *tls, } const guint8 *hs_body = NULL; - fpi_byte_reader_get_data (&hs_r, hs_len, &hs_body); + if (!fpi_byte_reader_get_data (&hs_r, hs_len, &hs_body) || !hs_body) + { + g_set_error (error, FP_DEVICE_ERROR, FP_DEVICE_ERROR_PROTO, + "TLS ServerHello: failed to read handshake body"); + return FALSE; + } /* Update handshake hash */ const guint8 *hs_raw = rec_body + hs_msg_start; @@ -1107,9 +1117,8 @@ validity_tls_parse_server_hello (ValidityTlsState *tls, [0x0f] = "CertVerify", [0x14] = "Finished" }; const char *n = (hs_type < 0x15 && names[hs_type]) ? names[hs_type] : "unknown"; - fp_dbg ("hs_hash UPDATE(srv) %s (type=0x%02x, %u bytes fed, first4: %02x%02x%02x%02x)", - n, hs_type, (unsigned) (4 + hs_len), - hs_raw[0], hs_raw[1], hs_raw[2], hs_raw[3]); + fp_dbg ("hs_hash UPDATE(srv) %s (type=0x%02x, %u bytes fed)", + n, hs_type, (unsigned) (4 + hs_len)); } switch (hs_type)