From d4d867156a9a3e4b2254699f00c66a8a3273f6e2 Mon Sep 17 00:00:00 2001
From: Alexey <247128645+axkurcom@users.noreply.github.com>
Date: Mon, 23 Feb 2026 02:38:25 +0300
Subject: [PATCH] Secure Payload length fixes
---
 src/protocol/constants.rs | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/src/protocol/constants.rs b/src/protocol/constants.rs
index c1e4956..c930a1b 100644
--- a/src/protocol/constants.rs
+++ b/src/protocol/constants.rs
@@ -162,21 +162,12 @@ pub fn is_valid_secure_payload_len(data_len: usize) -> bool {
 }
 
 /// Compute Secure Intermediate payload length from wire length.
-///
-/// Returns `None` for invalid Secure lengths (e.g. divisible by 4).
+/// Secure mode strips up to 3 random tail bytes by truncating to 4-byte boundary.
 pub fn secure_payload_len_from_wire_len(wire_len: usize) -> Option {
 if wire_len < 4 {
 return None;
 }
- let padding_len = wire_len % 4;
- if padding_len == 0 || wire_len < padding_len {
- return None;
- }
- let payload_len = wire_len - padding_len;
- if !is_valid_secure_payload_len(payload_len) {
- return None;
- }
- Some(payload_len)
+ Some(wire_len - (wire_len % 4))
 }
 
 /// Generate padding length for Secure Intermediate protocol.
@@ -383,7 +374,7 @@ mod tests {
 #[test]
 fn secure_wire_len_roundtrip_for_aligned_payload() {
 for payload_len in (4..4096).step_by(4) {
- for padding in 1..=3usize {
+ for padding in 0..=3usize {
 let wire_len = payload_len + padding;
 let recovered = secure_payload_len_from_wire_len(wire_len);
 assert_eq!(recovered, Some(payload_len));
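Review bot: In the first hunk, the rewritten body of `secure_payload_len_from_wire_len` no longer calls `is_valid_secure_payload_len`, so a length taken from a peer-supplied frame is now accepted with only the `wire_len < 4` guard. That helper's body is outside the hunk; if it enforces anything beyond non-zero 4-byte alignment (an upper bound, for instance), that limit is silently gone on the receive path. Keeping the call is cheap and leaves one place that defines a valid payload length: `let payload_len = wire_len - (wire_len % 4);` followed by `is_valid_secure_payload_len(payload_len).then_some(payload_len)`. The doc comment also lost its sentence on when `None` is returned, although the function still returns it; I would add `/// Returns None when wire_len < 4 (no room for an aligned payload).`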
@@ -392,9 +383,10 @@ mod tests {
 }
 
 #[test]
- fn secure_wire_len_rejects_aligned_totals() {
- for wire_len in (0..1024).step_by(4) {
- assert_eq!(secure_payload_len_from_wire_len(wire_len), None);
- }
+ fn secure_wire_len_rejects_too_short_frames() {
+ assert_eq!(secure_payload_len_from_wire_len(0), None);
+ assert_eq!(secure_payload_len_from_wire_len(1), None);
+ assert_eq!(secure_payload_len_from_wire_len(2), None);
+ assert_eq!(secure_payload_len_from_wire_len(3), None);
 }
 }