提交 88262b98 编写于 作者: C Claudio Costa

[MM-38321] Fix possible panics during license validation (#18333)

* Fix possible panics during license validation

* Return error if non 2xx code is returned by trial request server
上级 d599ca36
......@@ -5,6 +5,7 @@ package app
import (
"bytes"
"fmt"
"net/http"
"os"
"strings"
......@@ -258,8 +259,13 @@ func (s *Server) RequestTrialLicense(trialRequest *model.TrialLicenseRequest) *m
return model.NewAppError("RequestTrialLicense", "api.license.request_trial_license.app_error", nil, err.Error(), http.StatusBadRequest)
}
defer resp.Body.Close()
licenseResponse := model.MapFromJson(resp.Body)
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
return model.NewAppError("RequestTrialLicense", "api.license.request_trial_license.app_error", nil,
fmt.Sprintf("Unexpected HTTP status code %q returned by server", resp.Status), http.StatusInternalServerError)
}
licenseResponse := model.MapFromJson(resp.Body)
if _, ok := licenseResponse["license"]; !ok {
return model.NewAppError("RequestTrialLicense", "api.license.request_trial_license.app_error", nil, licenseResponse["message"], http.StatusBadRequest)
}
......
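Review bot: After the new status check, the trial-license server's reply goes straight into `model.MapFromJson(resp.Body)` with no cap on how much is read. How MapFromJson consumes the stream is not visible here, but if it decodes the whole body, a misbehaving or impersonated endpoint can make this server buffer an arbitrarily large response. Wrapping the reader, for example `model.MapFromJson(io.LimitReader(resp.Body, maxBytes))` with a small `maxBytes` chosen for this endpoint (and `io` imported), bounds that. Separately, the non-2xx branch reports only `resp.Status` and returns 500 where the neighbouring branches return 400; a short comment saying this is deliberate would help. RequestTrialLicense starts and ends outside the hunk.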
......@@ -67,16 +67,16 @@ func (l *LicenseValidatorImpl) ValidateLicense(signed []byte) (bool, string) {
return false, ""
}
// remove null terminator
for len(decoded) > 0 && decoded[len(decoded)-1] == byte(0) {
decoded = decoded[:len(decoded)-1]
}
if len(decoded) <= 256 {
mlog.Error("Signed license not long enough")
return false, ""
}
// remove null terminator
for decoded[len(decoded)-1] == byte(0) {
decoded = decoded[:len(decoded)-1]
}
plaintext := decoded[:len(decoded)-256]
signature := decoded[len(decoded)-256:]
......
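Review bot: The trailing-zero loop, now guarded by `len(decoded) > 0`, cannot tell buffer slack from data: a signature whose final byte is 0x00 is shortened as well, so `decoded[len(decoded)-256:]` starts one byte early and an otherwise valid license would presumably fail verification. That fails closed, but it is an input-dependent rejection. If the decode call above the hunk returns the number of bytes written, slicing with it (`decoded = decoded[:n]`) would replace the loop exactly. The literal 256 appears three times and looks like the signature length; a named constant such as `const signatureLen = 256`, with a comment tying it to the key size, would make the length check self-explanatory. ValidateLicense's body starts and ends outside the hunk.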
......@@ -4,6 +4,8 @@
package utils
import (
"bytes"
"encoding/base64"
"io/ioutil"
"os"
"testing"
......@@ -13,13 +15,54 @@ import (
)
func TestValidateLicense(t *testing.T) {
b1 := []byte("junk")
ok, _ := LicenseValidator.ValidateLicense(b1)
require.False(t, ok, "should have failed - bad license")
t.Run("should fail with junk data", func(t *testing.T) {
b1 := []byte("junk")
ok, _ := LicenseValidator.ValidateLicense(b1)
require.False(t, ok, "should have failed - bad license")
b2 := []byte("junkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunk")
ok, _ = LicenseValidator.ValidateLicense(b2)
require.False(t, ok, "should have failed - bad license")
b2 := []byte("junkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunk")
ok, _ = LicenseValidator.ValidateLicense(b2)
require.False(t, ok, "should have failed - bad license")
})
t.Run("should not panic on shorted than expected input", func(t *testing.T) {
var licenseData bytes.Buffer
var inputData []byte
for i := 0; i < 255; i++ {
inputData = append(inputData, 'A')
}
inputData = append(inputData, 0x00)
encoder := base64.NewEncoder(base64.StdEncoding, &licenseData)
_, err := encoder.Write(inputData)
require.NoError(t, err)
err = encoder.Close()
require.NoError(t, err)
ok, str := LicenseValidator.ValidateLicense(licenseData.Bytes())
require.False(t, ok)
require.Empty(t, str)
})
t.Run("should not panic with input filled of null terminators", func(t *testing.T) {
var licenseData bytes.Buffer
var inputData []byte
for i := 0; i < 256; i++ {
inputData = append(inputData, 0x00)
}
encoder := base64.NewEncoder(base64.StdEncoding, &licenseData)
_, err := encoder.Write(inputData)
require.NoError(t, err)
err = encoder.Close()
require.NoError(t, err)
ok, str := LicenseValidator.ValidateLicense(licenseData.Bytes())
require.False(t, ok)
require.Empty(t, str)
})
}
func TestGetLicenseFileLocation(t *testing.T) {
......
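Review bot: The subtest name in `t.Run("should not panic on shorted than expected input", ...)` has a typo; `"should not panic on shorter than expected input"` reads as intended. The new subtests cover 255 bytes plus one NUL and 256 NULs, but not the boundary of the validator's length check itself. Cases with exactly 256 and with 257 non-zero bytes would pin it. The byte-append loops could be written as `bytes.Repeat([]byte{'A'}, 255)` and `make([]byte, 256)`, since `bytes` is already imported.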