Closed Bug 1578238 Opened 5 years ago Closed 5 years ago

CKM_AES_GCM succeeds with invalid tag sizes -- may lead to memory bugs

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: guidovranken, Assigned: marcus.apb)

Details

(Keywords: csectype-bounds, sec-audit)

Attachments

(2 files)

poc_aes_gcm_invalid_tagsize.cpp
2.83 KB, text/x-c++src
Details
Bug 1578238 - Validate tag size in AES_GCM. r=kjacobs,jcj
47 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

CKM_AES_GCM with tag size = 1024

Actual results:

Call succeeds and the memory region that is expected to contain the tag, is partially uninitialized.

Expected results:

Call must fail.

Please see attached proof of concept for clarification.

From a cursory inspection Firefox, SRTP, and NSS SSL appear not vulnerable. Marking this as a security problem in case any other users of NSS are vulnerable.

Assignee: nobody → marcus.apb
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Keywords: sec-audit
Keywords: csectype-bounds
Priority: -- → P1

I don't see any reason to uplift this to Beta or ESR - please push back if you disagree. Otherwise let's plan to land it this week.

Keywords: checkin-needed

https://hg.mozilla.org/projects/nss/rev/4e3971fd992c0513d0696048c64b7230e5b6039b

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 3.47
Group: crypto-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: