From: Jamon Camisso Date: Wed, 8 Jul 2026 11:54:31 +0000 (-0400) Subject: [Fix] lua_cryptobox: pass padded nonce to secretbox encrypt/decrypt X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efb4d5cd57386096420167dda4ad6c806d9b5853;p=thirdparty%2Frspamd.git [Fix] lua_cryptobox: pass padded nonce to secretbox encrypt/decrypt Both secretbox encrypt and decrypt built a zero-padded 24-byte real_nonce but passed the original short nonce pointer to libsodium, reading up to 23 bytes out of bounds and producing ciphertexts that depend on adjacent memory contents. Fixes #6121 --- diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c index ef0d4865b7..1ae1ab7aad 100644 --- a/src/lua/lua_cryptobox.c +++ b/src/lua/lua_cryptobox.c @@ -3049,7 +3049,7 @@ lua_cryptobox_secretbox_encrypt(lua_State *L) out = lua_new_text(L, NULL, inlen + crypto_secretbox_MACBYTES, TRUE); crypto_secretbox_easy((unsigned char *) out->start, in, inlen, - nonce, sbox->sk); + real_nonce, sbox->sk); return 1; } @@ -3149,7 +3149,7 @@ lua_cryptobox_secretbox_decrypt(lua_State *L) int text_pos = lua_gettop(L); if (crypto_secretbox_open_easy((unsigned char *) out->start, in, inlen, - nonce, sbox->sk) == 0) { + real_nonce, sbox->sk) == 0) { lua_pushboolean(L, true); lua_pushvalue(L, text_pos); /* Prevent gc by copying in stack */ }