Reject trailing bytes in protocol packets
ci / test (push) Waiting to run
ci / fuzz-smoke (push) Waiting to run
ci / windows-client (push) Waiting to run
ci / package-release (linux-x86_64, ubuntu-latest) (push) Waiting to run
ci / package-release (macos-aarch64, macos-14) (push) Waiting to run
ci / package-release (macos-x86_64, macos-13) (push) Waiting to run
ci / package-release (windows-x86_64, windows-latest) (push) Waiting to run
ci / publish-gitea-release (push) Blocked by required conditions
ci / remote-bench (push) Waiting to run

This commit is contained in:
DuProcess
2026-07-12 23:42:00 -04:00
parent e67e06ebb5
commit 7ebc6533a7
2 changed files with 18 additions and 0 deletions
+15
View File
@@ -58,6 +58,21 @@ fn encrypted_packet_round_trips() {
assert_eq!(plain, b"hello");
}
#[test]
fn packet_decode_rejects_truncated_or_trailing_datagrams() {
let packet =
protocol::encode_plain(PacketKind::Ping, crypto::random_16(), 1, 0, b"hello").unwrap();
let truncated = &packet[..packet.len() - 1];
let err = protocol::decode(truncated).unwrap_err();
assert!(err.to_string().contains("truncated packet body"));
let mut trailing = packet.clone();
trailing.extend_from_slice(b"junk");
let err = protocol::decode(&trailing).unwrap_err();
assert!(err.to_string().contains("trailing packet bytes"));
}
#[test]
fn plaintext_packet_never_decrypts_as_authenticated_body() {
let key = crypto::random_32();