]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
projects / thirdparty / gnutls.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c420266)
accelerated: check keysize in SSSE3 cipher setkey
authorVitezslav Cizek <vcizek@suse.com>
Tue, 6 Feb 2018 15:46:31 +0000 (16:46 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 8 Feb 2018 13:57:06 +0000 (14:57 +0100)
aes_ssse3_cipher_setkey() accepted any key size,
which could lead to invalid memory access.

Such as with the oss-fuzz corpora file
fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5

Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
lib/accelerated/x86/aes-cbc-x86-ssse3.c patch | blob | blame | history

diff --git a/lib/accelerated/x86/aes-cbc-x86-ssse3.c b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
index 8b90a5990a8d2ade29cd160fcf8e96f473f2e545..d0f3708781303fad521775bb723ac799825d8b76 100644 (file)
--- a/lib/accelerated/x86/aes-cbc-x86-ssse3.c
+++ b/lib/accelerated/x86/aes-cbc-x86-ssse3.c
@@ -65,6 +65,9 @@ aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
        struct aes_ctx *ctx = _ctx;
        int ret;
 
+       if (keysize != 16 && keysize != 24 && keysize != 32)
+               return GNUTLS_E_INVALID_REQUEST;
+
        if (ctx->enc)
                ret =
                    vpaes_set_encrypt_key(userkey, keysize * 8,
Mirror of https://gitlab.com/gnutls/gnutls.git