Closed Bug 624042 Opened 14 years ago Closed 6 months ago

Softoken cannot decrypt padded data into a buffer that does not reserve room for the padding

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: briansmith, Unassigned)

References

Details

> /* this assumes that pLastPart is big enough to hold the *whole*
>  * buffer!!! */
> rv = (*context->update)(context->cipherInfo, pLastPart, &outlen,
>    maxout, context->padBuf, context->blockSize);

We should remove the assumption; decrypt the last block into a separate tem buffer, check the padding, copy the decrypted data into pLastPart, and then zeroize the temp buffer.
See Also: → 618418
bsmith: just to confirm my understanding: this bug will result in a
decryption failure but not a buffer overflow, right?  If pLastPart
does not reserve room for the padding, the (*context->update)() call
you showed should fail.

If so, this bug isn't serious because without knowing the length of
the plaintext in advance, the caller has to use an output buffer
large enough for a padding of only one byte.  I think most callers
will use an output buffer that's at least as long as the ciphertext.
Summary: Softoken cannot decrypt padded data into a buffer that does reserve room for the padding → Softoken cannot decrypt padded data into a buffer that does not reserve room for the padding
Severity: normal → S3
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P3
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.