bogus decryption can cause incorrect behavior of PK11_DigestFinal

RESOLVED FIXED in 3.4

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
17 years ago
17 years ago

People

(Reporter: Jamie Nicolson, Assigned: Robert Relyea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

17 years ago
This code in NSC_DecryptFinal will cause problems if the decrypted block is not
well-formed (for example, the key is incorrect):

rv = (*context->update)(context->cipherInfo, pLastPart, &outlen,
                 maxout, context->padBuf, context->blockSize);
if (rv == SECSuccess) {
   unsigned int padSize =
          (unsigned int) pLastPart[context->blockSize-1];
   *pulLastPartLen = outlen - padSize;
}

If the decrypted block is not well-formed, padSize will be set to something
arbitrary, and pulLastPartLen will be passed out of the function with a bogus
value, usually a very large unsigned int. Later code might try to allocate this
space, which will generate an out of memory condition.

I propose that if padSize > blockSize+1, the function should fail.

Comment 1

17 years ago
Assigned the bug to Bob.
Assignee: wtc → relyea

Updated

17 years ago
Priority: -- → P1
Target Milestone: --- → 3.4
(Assignee)

Comment 2

17 years ago
The code now makes the following check:

if ((padSize > context->blockSize) || (padSize == 0)) {
   fail;
}

padSize to be valid must be between 1 and countext->blockSize
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.