Closed Bug 97381 Opened 23 years ago Closed 23 years ago

bogus decryption can cause incorrect behavior of PK11_DigestFinal

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jamie-bugzilla, Assigned: rrelyea)

Details

This code in NSC_DecryptFinal will cause problems if the decrypted block is not
well-formed (for example, the key is incorrect):

rv = (*context->update)(context->cipherInfo, pLastPart, &outlen,
                 maxout, context->padBuf, context->blockSize);
if (rv == SECSuccess) {
   unsigned int padSize =
          (unsigned int) pLastPart[context->blockSize-1];
   *pulLastPartLen = outlen - padSize;
}

If the decrypted block is not well-formed, padSize will be set to something
arbitrary, and pulLastPartLen will be passed out of the function with a bogus
value, usually a very large unsigned int. Later code might try to allocate this
space, which will generate an out of memory condition.

I propose that if padSize > blockSize+1, the function should fail.
Assigned the bug to Bob.
Assignee: wtc → relyea
Priority: -- → P1
Target Milestone: --- → 3.4
The code now makes the following check:

if ((padSize > context->blockSize) || (padSize == 0)) {
   fail;
}

padSize to be valid must be between 1 and countext->blockSize
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.