runner: check bounds on packets in skipPacket.
Our tests shouldn't panic if the program misbehaves.
Change-Id: I113e050222bcf48e5f25883f860dbc1c5c77e77e
Reviewed-on: https://boringssl-review.googlesource.com/5764
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index cf6700d..f09cb7c 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1052,6 +1052,9 @@
// sequence number expectations but otherwise ignores them.
func (c *Conn) skipPacket(packet []byte) error {
for len(packet) > 0 {
+ if len(packet) < 13 {
+ return errors.New("tls: bad packet")
+ }
// Dropped packets are completely ignored save to update
// expected sequence numbers for this and the next epoch. (We
// don't assert on the contents of the packets both for
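Review bot: The literal `13` in the added guard `if len(packet) < 13` is unexplained, and the same number recurs in the second hunk's check and in the `packet[13+length:]` slice. It is presumably the fixed record header size that the loop reads before the body, so a named constant with a one-line comment would keep the three uses in step, for example `const recordHeaderLen = 13` (the name is only a suggestion). Both new checks also return the identical `"tls: bad packet"`, so a failing test cannot tell a truncated header from a truncated body; a distinct message for this one, such as `"tls: packet too short for record header"`, would make failures easier to triage. skipPacket's body continues beyond this hunk.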
@@ -1071,6 +1074,9 @@
}
c.in.incNextSeq()
}
+ if len(packet) < 13+int(length) {
+ return errors.New("tls: bad packet")
+ }
packet = packet[13+length:]
}
return nil
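Review bot: The added bound `if len(packet) < 13+int(length)` is computed in int, but the slice on the next line still uses `13+length` in length's own type, so the check and the index can disagree. length is declared outside this hunk; the `int(length)` conversion suggests a narrower unsigned type, and if it is a uint16 the sum wraps for values near 65535. A sufficiently large packet could then pass the check and be sliced at a small offset, which would leave the loop re-parsing from the wrong position or not advancing at all. Using the same expression for the slice, `packet = packet[13+int(length):]`, removes the mismatch. The function's closing brace lies outside the hunk.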