diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-08-18 09:50:11 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-08-18 09:50:11 +0000 |
commit | 1417bb3336be25a90af9bb5aa8965ebf9c6feabb (patch) | |
tree | ffe7f136f245b6244b6ac59cc4be944682a0060a /lib | |
parent | cdf4cf8bede39036f4075f3280edb0d4b130cf3d (diff) | |
parent | 206124659008728cb01eeab710322c7611a28676 (diff) | |
download | gnutls-1417bb3336be25a90af9bb5aa8965ebf9c6feabb.tar.gz |
Merge branch 'tmp-cipher-check-length' into 'master'
gnutls_aead_cipher_decrypt: check output buffer size before writing
Closes #1049
See merge request gnutls/gnutls!1312
Diffstat (limited to 'lib')
-rw-r--r-- | lib/nettle/cipher.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index ec0c1ab043..a82386b100 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -1288,6 +1288,10 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx, ctx->cipher->auth(ctx->ctx_ptr, auth_size, auth); encr_size -= tag_size; + + if (unlikely(plain_size < encr_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ctx->cipher->decrypt(ctx, encr_size, plain, encr); ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag); @@ -1297,6 +1301,10 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx, } else { /* CCM-style cipher */ encr_size -= tag_size; + + if (unlikely(plain_size < encr_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + ret = ctx->cipher->aead_decrypt(ctx, nonce_size, nonce, auth_size, auth, |