diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-08-02 14:34:26 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2022-09-12 23:07:37 +0000 |
| commit | cec59b82f7041a305c228091a84257c28e0818d5 (patch) | |
| tree | 4981463aca8883b72eb095e3cccc132966130ec7 /lib/crypto | |
| parent | 03f0e4d55be80a1a6dcc0dba8e6ed74d9da63dc3 (diff) | |
| download | samba-cec59b82f7041a305c228091a84257c28e0818d5.tar.gz | |
lib:crypto: Check for overflow before filling pauth_tag array
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/crypto')
| -rw-r--r-- | lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c index a05aa8a323c..fc4d21f4ec5 100644 --- a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c +++ b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c @@ -124,6 +124,14 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(TALLOC_CTX *mem_ctx, * TODO: Use gnutls_cipher_encrypt3() */ + if (hmac_size > 64) { + /* + * We don't want to overflow 'pauth_tag', which is 64 bytes in + * size. + */ + return NT_STATUS_INVALID_BUFFER_SIZE; + } + if (plaintext->length + aes_block_size < plaintext->length) { return NT_STATUS_INVALID_BUFFER_SIZE; } |