lib:crypto: Check for overflow before filling pauth_tag array

author Joseph Sutton <josephsutton@catalyst.net.nz>

Tue, 2 Aug 2022 02:34:26 +0000 (14:34 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Mon, 12 Sep 2022 23:07:37 +0000 (23:07 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Tue, 2 Aug 2022 02:34:26 +0000 (14:34 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Mon, 12 Sep 2022 23:07:37 +0000 (23:07 +0000)
diff --git a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c

index a05aa8a323cac2bd393ca2c8d74689bcc4ee2495..fc4d21f4ec56536f1ec33cdb7ead92d1f2e7f354 100644 (file)
--- a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
+++ b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
@@ -124,6 +124,14 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(TALLOC_CTX *mem_ctx,
          * TODO: Use gnutls_cipher_encrypt3()
          */
  
+       if (hmac_size > 64) {
+               /*
+                * We don't want to overflow 'pauth_tag', which is 64 bytes in
+                * size.
+                */
+               return NT_STATUS_INVALID_BUFFER_SIZE;
+       }
+
         if (plaintext->length + aes_block_size < plaintext->length) {
                 return NT_STATUS_INVALID_BUFFER_SIZE;
         }
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Tue, 2 Aug 2022 02:34:26 +0000 (14:34 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Mon, 12 Sep 2022 23:07:37 +0000 (23:07 +0000)