sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-21 09:49:28 +03:00
Code Activity

lib:crypto: Check for overflow before filling pauth_tag array

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cec59b82f7)
This commit is contained in:
Joseph Sutton
2022-08-02 14:34:26 +12:00
committed by Jule Anger
parent 7656b3e7b9
commit af7c57e037
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
View File

@ -124,6 +124,14 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(TALLOC_CTX *mem_ctx,
* TODO: Use gnutls_cipher_encrypt3()
*/
if (hmac_size > 64) {
/*
* We don't want to overflow 'pauth_tag', which is 64 bytes in
* size.
*/
return NT_STATUS_INVALID_BUFFER_SIZE;
}
if (plaintext->length + aes_block_size < plaintext->length) {
return NT_STATUS_INVALID_BUFFER_SIZE;
}