* cipher/cipher.c (_gcry_cipher_setup_geniv, _gcry_cipher_geniv): Check
input lengths for valid range; Avoid calling memcpy with zero length.
--
Patch adds few length checks for setup_geniv and makes sure that memcpy
is not called with zero length.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/cipher.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/cipher/cipher.c b/cipher/cipher.c
index e8743496..91379d13 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -1271,12 +1271,22 @@ _gcry_cipher_setup_geniv (gcry_cipher_hd_t hd, int method,
if (method != GCRY_CIPHER_GENIV_METHOD_CONCAT)
return GPG_ERR_INV_ARG;
+ if (fixed_iv_len > sizeof(hd->aead.fixed))
+ return GPG_ERR_INV_LENGTH;
+
+ if (dyn_iv_len > sizeof(hd->aead.dynamic))
+ return GPG_ERR_INV_LENGTH;
+
+ if (dyn_iv_len == 0) /* Zero-length dynamic would mean fixed IV only. */
+ return GPG_ERR_INV_LENGTH;
+
hd->aead.geniv_method = GCRY_CIPHER_GENIV_METHOD_CONCAT;
hd->aead.fixed_iv_len = fixed_iv_len;
hd->aead.dynamic_iv_len = dyn_iv_len;
memset (hd->aead.fixed, 0, MAX_BLOCKSIZE);
memset (hd->aead.dynamic, 0, MAX_BLOCKSIZE);
- memcpy (hd->aead.fixed, fixed_iv, fixed_iv_len);
+ if (fixed_iv_len > 0)
+ memcpy (hd->aead.fixed, fixed_iv, fixed_iv_len);
memcpy (hd->aead.dynamic, dyn_iv, dyn_iv_len);
return rc;
@@ -1295,7 +1305,11 @@ _gcry_cipher_geniv (gcry_cipher_hd_t hd, void *iv, size_t iv_len)
if (iv_len != hd->aead.fixed_iv_len + hd->aead.dynamic_iv_len)
return GPG_ERR_INV_ARG;
- memcpy (iv, hd->aead.fixed, hd->aead.fixed_iv_len);
+ if (hd->aead.dynamic_iv_len == 0)
+ return GPG_ERR_INV_STATE; /* Dynamic not set through setup_geniv. */
+
+ if (hd->aead.fixed_iv_len > 0)
+ memcpy (iv, hd->aead.fixed, hd->aead.fixed_iv_len);
memcpy ((byte *)iv+hd->aead.fixed_iv_len,
hd->aead.dynamic, hd->aead.dynamic_iv_len);
rc = hd->mode_ops.setiv (hd, iv, iv_len);
--
2.34.1
_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@lists.gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
input lengths for valid range; Avoid calling memcpy with zero length.
--
Patch adds few length checks for setup_geniv and makes sure that memcpy
is not called with zero length.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/cipher.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/cipher/cipher.c b/cipher/cipher.c
index e8743496..91379d13 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -1271,12 +1271,22 @@ _gcry_cipher_setup_geniv (gcry_cipher_hd_t hd, int method,
if (method != GCRY_CIPHER_GENIV_METHOD_CONCAT)
return GPG_ERR_INV_ARG;
+ if (fixed_iv_len > sizeof(hd->aead.fixed))
+ return GPG_ERR_INV_LENGTH;
+
+ if (dyn_iv_len > sizeof(hd->aead.dynamic))
+ return GPG_ERR_INV_LENGTH;
+
+ if (dyn_iv_len == 0) /* Zero-length dynamic would mean fixed IV only. */
+ return GPG_ERR_INV_LENGTH;
+
hd->aead.geniv_method = GCRY_CIPHER_GENIV_METHOD_CONCAT;
hd->aead.fixed_iv_len = fixed_iv_len;
hd->aead.dynamic_iv_len = dyn_iv_len;
memset (hd->aead.fixed, 0, MAX_BLOCKSIZE);
memset (hd->aead.dynamic, 0, MAX_BLOCKSIZE);
- memcpy (hd->aead.fixed, fixed_iv, fixed_iv_len);
+ if (fixed_iv_len > 0)
+ memcpy (hd->aead.fixed, fixed_iv, fixed_iv_len);
memcpy (hd->aead.dynamic, dyn_iv, dyn_iv_len);
return rc;
@@ -1295,7 +1305,11 @@ _gcry_cipher_geniv (gcry_cipher_hd_t hd, void *iv, size_t iv_len)
if (iv_len != hd->aead.fixed_iv_len + hd->aead.dynamic_iv_len)
return GPG_ERR_INV_ARG;
- memcpy (iv, hd->aead.fixed, hd->aead.fixed_iv_len);
+ if (hd->aead.dynamic_iv_len == 0)
+ return GPG_ERR_INV_STATE; /* Dynamic not set through setup_geniv. */
+
+ if (hd->aead.fixed_iv_len > 0)
+ memcpy (iv, hd->aead.fixed, hd->aead.fixed_iv_len);
memcpy ((byte *)iv+hd->aead.fixed_iv_len,
hd->aead.dynamic, hd->aead.dynamic_iv_len);
rc = hd->mode_ops.setiv (hd, iv, iv_len);
--
2.34.1
_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@lists.gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel