diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-08-02 14:34:26 +1200 |
|---|---|---|
| committer | Jule Anger <janger@samba.org> | 2022-09-19 04:02:12 +0000 |
| commit | af7c57e03763e1851a9eaff648a50e4c9611265f (patch) | |
| tree | c2b97a3965390b0bc70f7f7c0407f2a829a57bc0 /lib | |
| parent | 7656b3e7b959b583fe84d82346f6b16716ef304e (diff) | |
| download | samba-af7c57e03763e1851a9eaff648a50e4c9611265f.tar.gz | |
lib:crypto: Check for overflow before filling pauth_tag array
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cec59b82f7041a305c228091a84257c28e0818d5)
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c index a05aa8a323c..fc4d21f4ec5 100644 --- a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c +++ b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c @@ -124,6 +124,14 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(TALLOC_CTX *mem_ctx, * TODO: Use gnutls_cipher_encrypt3() */ + if (hmac_size > 64) { + /* + * We don't want to overflow 'pauth_tag', which is 64 bytes in + * size. + */ + return NT_STATUS_INVALID_BUFFER_SIZE; + } + if (plaintext->length + aes_block_size < plaintext->length) { return NT_STATUS_INVALID_BUFFER_SIZE; } |