gnutls_aead_cipher_decrypt: check output buffer size before writingtmp-cipher-check-length

While the documentation of gnutls_aead_cipher_decrypt indicates that the inout argument ptext_len initially holds the size that sufficiently fits the expected output size, there was no runtime check on that. This makes the interface robuster against misuses. Signed-off-by: Daiki Ueno <ueno@gnu.org>
author: Daiki Ueno <ueno@gnu.org> 2020-08-13 18:17:08 +0200
committer: Daiki Ueno <ueno@gnu.org> 2020-08-17 10:45:16 +0200
commit: 206124659008728cb01eeab710322c7611a28676 (patch)
tree: 150555234fc577da7d32cbf0f7d7258f2355a1aa /lib
parent: 606b77a2422c7e4124d80904bd191184323205fc (diff)
download: gnutls-tmp-cipher-check-length.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index ec0c1ab043..a82386b100 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -1288,6 +1288,10 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx,
 		ctx->cipher->auth(ctx->ctx_ptr, auth_size, auth);
 
 		encr_size -= tag_size;
+
+		if (unlikely(plain_size < encr_size))
+			return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
 		ctx->cipher->decrypt(ctx, encr_size, plain, encr);
 
 		ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag);
@@ -1297,6 +1301,10 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx,
 	} else {
 		/* CCM-style cipher */
 		encr_size -= tag_size;
+
+		if (unlikely(plain_size < encr_size))
+			return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
 		ret = ctx->cipher->aead_decrypt(ctx,
 						nonce_size, nonce,
 						auth_size, auth,
author	Daiki Ueno <ueno@gnu.org>	2020-08-13 18:17:08 +0200
committer	Daiki Ueno <ueno@gnu.org>	2020-08-17 10:45:16 +0200
commit	206124659008728cb01eeab710322c7611a28676 (patch)
tree	150555234fc577da7d32cbf0f7d7258f2355a1aa /lib
parent	606b77a2422c7e4124d80904bd191184323205fc (diff)
download	gnutls-tmp-cipher-check-length.tar.gz