[MM-38321] Fix possible panics during license validation (#18333)

* Fix possible panics during license validation * Return error if non 2xx code is returned by trial request server
2025-02-25 18:55:24 -06:00 · 2021-09-02 18:57:18 +02:00
parent 21a53320d3
commit 236d46ecc6
3 changed files with 61 additions and 11 deletions
--- a/app/license.go
+++ b/app/license.go
@@ -6,6 +6,7 @@ package app
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"os"
 	"time"
@@ -272,6 +273,12 @@ func (s *Server) RequestTrialLicense(trialRequest *model.TrialLicenseRequest) *m
 		return model.NewAppError("RequestTrialLicense", "api.license.request_trial_license.app_error", nil, err.Error(), http.StatusBadRequest)
 	}
 	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return model.NewAppError("RequestTrialLicense", "api.license.request_trial_license.app_error", nil,
+			fmt.Sprintf("Unexpected HTTP status code %q returned by server", resp.Status), http.StatusInternalServerError)
+	}
+
 	licenseResponse := model.MapFromJSON(resp.Body)

 	if _, ok := licenseResponse["license"]; !ok {
--- a/utils/license.go
+++ b/utils/license.go
@@ -71,16 +71,16 @@ func (l *LicenseValidatorImpl) ValidateLicense(signed []byte) (bool, string) {
 		return false, ""
 	}

+	// remove null terminator
+	for len(decoded) > 0 && decoded[len(decoded)-1] == byte(0) {
+		decoded = decoded[:len(decoded)-1]
+	}
+
 	if len(decoded) <= 256 {
 		mlog.Error("Signed license not long enough")
 		return false, ""
 	}

-	// remove null terminator
-	for decoded[len(decoded)-1] == byte(0) {
-		decoded = decoded[:len(decoded)-1]
-	}
-
 	plaintext := decoded[:len(decoded)-256]
 	signature := decoded[len(decoded)-256:]

--- a/utils/license_test.go
+++ b/utils/license_test.go
@@ -4,6 +4,8 @@
 package utils

 import (
+	"bytes"
+	"encoding/base64"
 	"io/ioutil"
 	"os"
 	"testing"
@@ -13,13 +15,54 @@ import (
 )

 func TestValidateLicense(t *testing.T) {
-	b1 := []byte("junk")
-	ok, _ := LicenseValidator.ValidateLicense(b1)
-	require.False(t, ok, "should have failed - bad license")
+	t.Run("should fail with junk data", func(t *testing.T) {
+		b1 := []byte("junk")
+		ok, _ := LicenseValidator.ValidateLicense(b1)
+		require.False(t, ok, "should have failed - bad license")

-	b2 := []byte("junkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunk")
-	ok, _ = LicenseValidator.ValidateLicense(b2)
-	require.False(t, ok, "should have failed - bad license")
+		b2 := []byte("junkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunkjunk")
+		ok, _ = LicenseValidator.ValidateLicense(b2)
+		require.False(t, ok, "should have failed - bad license")
+	})
+
+	t.Run("should not panic on shorted than expected input", func(t *testing.T) {
+		var licenseData bytes.Buffer
+		var inputData []byte
+
+		for i := 0; i < 255; i++ {
+			inputData = append(inputData, 'A')
+		}
+		inputData = append(inputData, 0x00)
+
+		encoder := base64.NewEncoder(base64.StdEncoding, &licenseData)
+		_, err := encoder.Write(inputData)
+		require.NoError(t, err)
+		err = encoder.Close()
+		require.NoError(t, err)
+
+		ok, str := LicenseValidator.ValidateLicense(licenseData.Bytes())
+		require.False(t, ok)
+		require.Empty(t, str)
+	})
+
+	t.Run("should not panic with input filled of null terminators", func(t *testing.T) {
+		var licenseData bytes.Buffer
+		var inputData []byte
+
+		for i := 0; i < 256; i++ {
+			inputData = append(inputData, 0x00)
+		}
+
+		encoder := base64.NewEncoder(base64.StdEncoding, &licenseData)
+		_, err := encoder.Write(inputData)
+		require.NoError(t, err)
+		err = encoder.Close()
+		require.NoError(t, err)
+
+		ok, str := LicenseValidator.ValidateLicense(licenseData.Bytes())
+		require.False(t, ok)
+		require.Empty(t, str)
+	})
 }

 func TestGetLicenseFileLocation(t *testing.T) {