From afc2e8100a56b0968e2bf77e5d24246bc5cf9a04 Mon Sep 17 00:00:00 2001
From: "Owain G. Ainsworth" <oga@nicotinebsd.org>
Date: Mon, 17 Jun 2013 17:38:16 +0100
Subject: [PATCH] Make length check a little more paranoid

Remove trailing crap  from the tests (the hashtype) now that this is
correctly caught.
---
 signature.go      |  7 ++++---
 signature_test.go | 37 ++++++++++++++++++++++++++-----------
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/signature.go b/signature.go
index f710d0092..c5abeb3fe 100644
--- a/signature.go
+++ b/signature.go
@@ -42,10 +42,11 @@ func ParseSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error) {
 	index++
 	// length of remaining message
 	siglen := sigStr[index]
-	if int(siglen+2) > len(sigStr) {
-		return nil, errors.New("malformed signature: no header magic")
-	}
 	index++
+	if int(siglen+2) != len(sigStr) {
+		fmt.Printf("siglen: %v, len: %v\n", siglen, len(sigStr))
+		return nil, errors.New("malformed signature: bad length")
+	}
 	// trim the slice we're working on so we only look at what matters.
 	sigStr = sigStr[:siglen+2]
 
diff --git a/signature_test.go b/signature_test.go
index 78cc47e5d..34ca8a908 100644
--- a/signature_test.go
+++ b/signature_test.go
@@ -27,13 +27,13 @@ var signatureTests = []signatureTest{
 			0x41, 0x02, 0x20, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
-			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
 		},
 		isValid: true,
 	},
 	signatureTest{
-		name: "empty.",
-		sig: []byte{},
+		name:    "empty.",
+		sig:     []byte{},
 		isValid: false,
 	},
 	signatureTest{
@@ -45,7 +45,7 @@ var signatureTests = []signatureTest{
 			0x41, 0x02, 0x20, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
-			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
 		},
 		isValid: false,
 	},
@@ -58,7 +58,7 @@ var signatureTests = []signatureTest{
 			0x41, 0x02, 0x20, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
-			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
 		},
 		isValid: false,
 	},
@@ -71,7 +71,7 @@ var signatureTests = []signatureTest{
 			0x41, 0x03, 0x20, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
-			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
 		},
 		isValid: false,
 	},
@@ -84,7 +84,7 @@ var signatureTests = []signatureTest{
 			0x41, 0x02, 0x20, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
-			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
 		},
 		isValid: false,
 	},
@@ -97,7 +97,7 @@ var signatureTests = []signatureTest{
 			0x41, 0x02, 0x20, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
-			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
 		},
 		isValid: false,
 	},
@@ -110,7 +110,7 @@ var signatureTests = []signatureTest{
 			0x41, 0x02, 0x20, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
-			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
 		},
 		isValid: false,
 	},
@@ -123,7 +123,7 @@ var signatureTests = []signatureTest{
 			0x41, 0x02, 0x21, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
-			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
 		},
 		isValid: false,
 	},
@@ -136,6 +136,19 @@ var signatureTests = []signatureTest{
 			0x41, 0x02, 0x19, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
 			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
 			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
+			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09,
+		},
+		isValid: false,
+	},
+	signatureTest{
+		name: "trailing crap.",
+		sig: []byte{0x30, 0x44, 0x02, 0x20, 0x4e, 0x45, 0xe1, 0x69,
+			0x32, 0xb8, 0xaf, 0x51, 0x49, 0x61, 0xa1, 0xd3, 0xa1,
+			0xa2, 0x5f, 0xdf, 0x3f, 0x4f, 0x77, 0x32, 0xe9, 0xd6,
+			0x24, 0xc6, 0xc6, 0x15, 0x48, 0xab, 0x5f, 0xb8, 0xcd,
+			0x41, 0x02, 0x20, 0x18, 0x15, 0x22, 0xec, 0x8e, 0xca,
+			0x07, 0xde, 0x48, 0x60, 0xa4, 0xac, 0xdd, 0x12, 0x90,
+			0x9d, 0x83, 0x1c, 0xc5, 0x6c, 0xbb, 0xac, 0x46, 0x22,
 			0x08, 0x22, 0x21, 0xa8, 0x76, 0x8d, 0x1d, 0x09, 0x01,
 		},
 		isValid: false,
@@ -149,7 +162,9 @@ func TestSignatures(t *testing.T) {
 			if test.isValid {
 				t.Errorf("%s signature failed when shouldn't %v",
 					test.name, err)
-			}
+			} /* else {
+				t.Errorf("%s got error %v", test.name, err)
+			} */
 			continue
 		}
 		if !test.isValid {