nts: make sure encrypted S2C and C2S keys have equal length
authorMiroslav Lichvar <mlichvar@redhat.com>
Tue, 11 Oct 2022 10:32:04 +0000 (12:32 +0200)
committerMiroslav Lichvar <mlichvar@redhat.com>
Wed, 19 Oct 2022 13:50:39 +0000 (15:50 +0200)
Don't allow a cookie to contain keys with different lengths, so that the
assumption made in decoding is not broken if there is ever a case where
this could be requested.

nts_ke_server.c

index ece1b4c01b21f208c54f37f458d4425511394085..948058ae4dee46e0423bfb29c9d849305f6bc195 100644 (file)
@@ -869,7 +869,7 @@ NKS_GenerateCookie(NKE_Context *context, NKE_Cookie *cookie)
   }
 
   if (context->c2s.length < 0 || context->c2s.length > NKE_MAX_KEY_LENGTH ||
-      context->s2c.length < 0 || context->s2c.length > NKE_MAX_KEY_LENGTH) {
+      context->s2c.length != context->c2s.length) {
     DEBUG_LOG("Invalid key length");
     return 0;
   }
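Review bot: The bound on `context->s2c.length` is now only implied by its equality with `context->c2s.length`, and nothing at the condition says why equality is required, so a later edit to the c2s range check could silently leave s2c unbounded. A short comment above the `if` would record both facts, e.g. `/* Decoding assumes equal key lengths; s2c is bounded through c2s */`. The condition also still accepts a length of 0 for both keys; whether an empty key pair can reach this point is not visible in the hunk, so it is worth confirming that `< 0` rather than `<= 0` is the intended lower bound. The body of NKS_GenerateCookie starts and ends outside the hunk.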