Add validation to ensure the length of the final frame in the final

WesleyRosenblum · WesleyRosenblum · commit 163fd8847760 · 2020-03-26T16:58:55.000-07:00
frame header does not exceed the frame size specified in the message
header.
diff --git a/src/main/java/com/amazonaws/encryptionsdk/internal/FrameDecryptionHandler.java b/src/main/java/com/amazonaws/encryptionsdk/internal/FrameDecryptionHandler.java
@@ -133,6 +133,11 @@ public ProcessingSummary processBytes(final byte[] in, final int off, final int
                 int protectedContentLen = -1;
                 if (currentFrameHeaders_.isFinalFrame()) {
                     protectedContentLen = currentFrameHeaders_.getFrameContentLength();
+
+                    // The final frame should not be able to exceed the frameLength
+                    if(frameSize_ > 0 && protectedContentLen > frameSize_) {
+                        throw new BadCiphertextException("Final frame length exceeds frame length.");
+                    }
                 } else {
                     protectedContentLen = frameSize_;
                 }
diff --git a/src/test/java/com/amazonaws/encryptionsdk/internal/FrameDecryptionHandlerTest.java b/src/test/java/com/amazonaws/encryptionsdk/internal/FrameDecryptionHandlerTest.java
@@ -15,11 +15,14 @@
 
 import static org.junit.Assert.assertTrue;
 
+import java.nio.ByteBuffer;
 import java.security.SecureRandom;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 
+import com.amazonaws.encryptionsdk.TestUtils;
+import com.amazonaws.encryptionsdk.exception.BadCiphertextException;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -72,4 +75,18 @@ public void decryptMaxContentLength() {
         frameDecryptionHandler_.processBytes(in, 0, in.length, out, 0);
         frameDecryptionHandler_.processBytes(in, 0, Integer.MAX_VALUE, out, 0);
     }
-}
+
+    @Test(expected = BadCiphertextException.class)
+    public void finalFrameLengthTooLarge() {
+
+        final ByteBuffer byteBuffer = ByteBuffer.allocate(25);
+        byteBuffer.put(TestUtils.unsignedBytesToSignedBytes(
+                new int[] {255, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}));
+        byteBuffer.putInt(AwsCrypto.getDefaultFrameSize() + 1);
+
+        final byte[] in = byteBuffer.array();
+        final byte[] out = new byte[in.length];
+
+        frameDecryptionHandler_.processBytes(in, 0, in.length, out, 0);
+    }
+}
