JehanneOS/jehanne
JehanneOS/jehanne
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

libsec: fix out of bound write (CID 155904)

Browse Source 
In aesXCBCmac fix (potential) out of bound write in padding.

CID 155904 (#1 of 1): Out-of-bounds write (OVERRUN)
7. overrun-local: Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer p2++.
This commit is contained in:
Giacomo Tesio 2017-01-17 20:21:57 +01:00
parent 06376d5859
commit 3cfe366cc0
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/src/lib/sec/port/aes.c
View File

@ -142,12 +142,12 @@ aesXCBCmac(uint8_t *p, int len, AESstate *s)
/* the last one */ /* the last one */
memmove(q, p, len); memmove(q, p, len);
p2 = q+len;
if(len == AESbsize) if(len == AESbsize)
mackey = s->mackey + AESbsize; /* k2 */ mackey = s->mackey + AESbsize; /* k2 */
else{ else{
mackey = s->mackey+2*AESbsize; /* k3 */ mackey = s->mackey+2*AESbsize; /* k3 */
*p2++ = 1 << 7; /* padding */ p2 = q+len; /* padding */
*p2++ = 1 << 7;
len = AESbsize - len - 1; len = AESbsize - len - 1;
memset(p2, 0, len); memset(p2, 0, len);
} }