Closed
Bug 922780
Opened 11 years ago
Closed 11 years ago
NSC_DecryptUpdate should also check the input data length for block ciphers when the output buffer is provided
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.15.4
People
(Reporter: wtc, Assigned: wtc)
Attachments
(1 file)
patch, 1.87 KB (ryan.sleevi: review+, wtc: checked-in+)
NSC_DecryptUpdate checks the input data length for block ciphers when the output buffer is not provided (|pPart| is null). It should do the same check when the output buffer is provided. Otherwise, it may read before the beginning of the input data buffer and decrement ulEncryptedPartLen to a negative number (or rather, a huge unsigned value).
Attachment #812772 -
Flags: superreview?(rrelyea)
Attachment #812772 -
Flags: review?(ryan.sleevi)
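Added example, not part of the bug report or the NSS patch: a simplified C model of the input-length check the description asks for when the output buffer is provided. `model_ctx`, `model_decrypt_update`, `unchecked_body_len`, the 16-byte block size and the held-back-block behaviour are assumptions for illustration; the page does not name the error code, so `CKR_ENCRYPTED_DATA_LEN_RANGE` is assumed here.

```c
#include <string.h>

/* Real PKCS #11 return values (pkcs11t.h). */
#define CKR_OK                       0x00000000UL
#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL
#define BLOCK 16UL /* assumed cipher block size */

/* Hypothetical padded block-cipher session: the last ciphertext block of
 * each call is held back so the padding can be stripped at the final call. */
struct model_ctx {
    int do_pad;                /* padding mode implies a block cipher */
    unsigned char held[BLOCK]; /* block held back by the previous call */
    unsigned long held_len;
};

/* Length arithmetic with no validation: for len < BLOCK the unsigned
 * subtraction wraps to a huge value, and in + (len - BLOCK) would point
 * before the start of the input buffer. */
unsigned long unchecked_body_len(unsigned long len)
{
    return len - BLOCK;
}

/* Model of DecryptUpdate with an output buffer supplied. The length check
 * runs before any pointer arithmetic. "Decryption" is a plain copy because
 * only the length handling is being shown; out must hold len bytes. */
unsigned long model_decrypt_update(struct model_ctx *ctx,
                                   const unsigned char *in, unsigned long len,
                                   unsigned char *out, unsigned long *out_len)
{
    unsigned long n = 0, body = len;

    if (ctx->do_pad) {
        if (len == 0 || len % BLOCK != 0)
            return CKR_ENCRYPTED_DATA_LEN_RANGE; /* nothing read or written */
        if (ctx->held_len) {                     /* emit previous held block */
            memcpy(out, ctx->held, BLOCK);
            n = BLOCK;
        }
        body = len - BLOCK;                      /* safe: len >= BLOCK here */
        memcpy(ctx->held, in + body, BLOCK);     /* stays inside in[] */
        ctx->held_len = BLOCK;
    }
    memcpy(out + n, in, body);
    *out_len = n + body;
    return CKR_OK;
}
```

The model does not check the output buffer size, which the thread treats as a separate issue.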
Comment 1•11 years ago
Comment on attachment 812772 (Patch)
Confirmed with PKCS#11 v2.20 that this is the correct error code for when the encrypted text is not a multiple of the block size, and is the highest priority error code to return. There still needs to be a length check for the CKR_BUFFER_TOO_SMALL case, but that can be handled separately.
Attachment #812772 -
Flags: review?(ryan.sleevi) → review+
Comment 2•11 years ago (Assignee)
Thanks for checking PKCS #11. I will fix the CKR_BUFFER_TOO_SMALL problem in bug 921687. Patch checked in: https://hg.mozilla.org/projects/nss/rev/dec241b62016
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago (Assignee)
Attachment #812772 -
Flags: checked-in+