Merge branch 'tmp-cipher-check-length' into 'master'

gnutls_aead_cipher_decrypt: check output buffer size before writing Closes #1049 See merge request gnutls/gnutls!1312
author: Daiki Ueno <ueno@gnu.org> 2020-08-18 09:50:11 +0000
committer: Daiki Ueno <ueno@gnu.org> 2020-08-18 09:50:11 +0000
commit: 1417bb3336be25a90af9bb5aa8965ebf9c6feabb (patch)
tree: ffe7f136f245b6244b6ac59cc4be944682a0060a /lib
parent: cdf4cf8bede39036f4075f3280edb0d4b130cf3d (diff)
parent: 206124659008728cb01eeab710322c7611a28676 (diff)
download: gnutls-1417bb3336be25a90af9bb5aa8965ebf9c6feabb.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index ec0c1ab043..a82386b100 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -1288,6 +1288,10 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx,
 		ctx->cipher->auth(ctx->ctx_ptr, auth_size, auth);
 
 		encr_size -= tag_size;
+
+		if (unlikely(plain_size < encr_size))
+			return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
 		ctx->cipher->decrypt(ctx, encr_size, plain, encr);
 
 		ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag);
@@ -1297,6 +1301,10 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx,
 	} else {
 		/* CCM-style cipher */
 		encr_size -= tag_size;
+
+		if (unlikely(plain_size < encr_size))
+			return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
 		ret = ctx->cipher->aead_decrypt(ctx,
 						nonce_size, nonce,
 						auth_size, auth,
author	Daiki Ueno <ueno@gnu.org>	2020-08-18 09:50:11 +0000
committer	Daiki Ueno <ueno@gnu.org>	2020-08-18 09:50:11 +0000
commit	1417bb3336be25a90af9bb5aa8965ebf9c6feabb (patch)
tree	ffe7f136f245b6244b6ac59cc4be944682a0060a /lib
parent	cdf4cf8bede39036f4075f3280edb0d4b130cf3d (diff)
parent	206124659008728cb01eeab710322c7611a28676 (diff)
download	gnutls-1417bb3336be25a90af9bb5aa8965ebf9c6feabb.tar.gz