From 384b1166eabc40182fffe15a9fffae86a28a8190 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Thu, 19 Nov 2020 08:44:54 -0500 Subject: [PATCH] fix panic in UnmarshalNebulaCertificate (#339) This fixes a panic in UnmarshalNebulaCertificate when unmarshaling a payload with Details set to nil. Fixes: #332 --- cert/cert.go | 4 ++++ cert/cert_test.go | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/cert/cert.go b/cert/cert.go index e56b372..8e668e2 100644 --- a/cert/cert.go +++ b/cert/cert.go @@ -61,6 +61,10 @@ func UnmarshalNebulaCertificate(b []byte) (*NebulaCertificate, error) { return nil, err } + if rc.Details == nil { + return nil, fmt.Errorf("encoded Details was nil") + } + if len(rc.Details.Ips)%2 != 0 { return nil, fmt.Errorf("encoded IPs should be in pairs, an odd number was found") } diff --git a/cert/cert_test.go b/cert/cert_test.go index aff469c..c97e4d1 100644 --- a/cert/cert_test.go +++ b/cert/cert_test.go @@ -499,6 +499,13 @@ func TestNebulaCertificate_Copy(t *testing.T) { util.AssertDeepCopyEqual(t, c, cc) } +func TestUnmarshalNebulaCertificate(t *testing.T) { + // Test that we don't panic with an invalid certificate (#332) + data := []byte("\x98\x00\x00") + _, err := UnmarshalNebulaCertificate(data) + assert.EqualError(t, err, "encoded Details was nil") +} + func newTestCaCert(before, after time.Time, ips, subnets []*net.IPNet, groups []string) (*NebulaCertificate, []byte, []byte, error) { pub, priv, err := ed25519.GenerateKey(rand.Reader) if before.IsZero() {