]> git.ipfire.org Git - thirdparty/rspamd.git/commitdiff
[Fix] lua_cryptobox: pass padded nonce to secretbox encrypt/decrypt
authorJamon Camisso <jamonation@users.noreply.github.com>
Wed, 8 Jul 2026 11:54:31 +0000 (07:54 -0400)
committerGitHub <noreply@github.com>
Wed, 8 Jul 2026 11:54:31 +0000 (12:54 +0100)
Both secretbox encrypt and decrypt built a zero-padded 24-byte real_nonce
but passed the original short nonce pointer to libsodium, reading up to
23 bytes out of bounds and producing ciphertexts that depend on adjacent
memory contents.

Fixes #6121

src/lua/lua_cryptobox.c

index ef0d4865b790822eac8d114895a8d228f484cd3d..1ae1ab7aad52a99e7b0c943dd82d9af37062fd40 100644 (file)
@@ -3049,7 +3049,7 @@ lua_cryptobox_secretbox_encrypt(lua_State *L)
                out = lua_new_text(L, NULL, inlen + crypto_secretbox_MACBYTES,
                                                   TRUE);
                crypto_secretbox_easy((unsigned char *) out->start, in, inlen,
-                                                         nonce, sbox->sk);
+                                                         real_nonce, sbox->sk);
 
                return 1;
        }
@@ -3149,7 +3149,7 @@ lua_cryptobox_secretbox_decrypt(lua_State *L)
        int text_pos = lua_gettop(L);
 
        if (crypto_secretbox_open_easy((unsigned char *) out->start, in, inlen,
-                                                                  nonce, sbox->sk) == 0) {
+                                                                  real_nonce, sbox->sk) == 0) {
                lua_pushboolean(L, true);
                lua_pushvalue(L, text_pos); /* Prevent gc by copying in stack */
        }