diff options
| author | Kevin Jacobs <kjacobs@mozilla.com> | 2019-10-24 16:47:28 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-10-24 22:43:18 +0200 |
| commit | 820d6ea6a43590a9bbd9b908154f2632c290107c (patch) | |
| tree | 2b6d4bf7018343b86533664a8812fbcbc3cab20f /security/nss/lib/freebl/ctr.c | |
| parent | c6f4af2c515f81e5baa0423442c4b1a0355f1b70 (diff) | |
| download | UXP-820d6ea6a43590a9bbd9b908154f2632c290107c.tar UXP-820d6ea6a43590a9bbd9b908154f2632c290107c.tar.gz UXP-820d6ea6a43590a9bbd9b908154f2632c290107c.tar.lz UXP-820d6ea6a43590a9bbd9b908154f2632c290107c.tar.xz UXP-820d6ea6a43590a9bbd9b908154f2632c290107c.zip | |
Add length checks for cryptographic primitives
This rollup patch adds additional length checks around cryptographic
primitives.
Diffstat (limited to 'security/nss/lib/freebl/ctr.c')
| -rw-r--r-- | security/nss/lib/freebl/ctr.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/security/nss/lib/freebl/ctr.c b/security/nss/lib/freebl/ctr.c index d7652c060..4d26a5b06 100644 --- a/security/nss/lib/freebl/ctr.c +++ b/security/nss/lib/freebl/ctr.c @@ -128,6 +128,12 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, unsigned int tmp; SECStatus rv; + // Limit block count to 2^counterBits - 2 + if (ctr->counterBits < (sizeof(unsigned int) * 8) && + inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } if (maxout < inlen) { *outlen = inlen; PORT_SetError(SEC_ERROR_OUTPUT_LEN); @@ -199,6 +205,12 @@ CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf, unsigned int tmp; SECStatus rv; + // Limit block count to 2^counterBits - 2 + if (ctr->counterBits < (sizeof(unsigned int) * 8) && + inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } if (maxout < inlen) { *outlen = inlen; PORT_SetError(SEC_ERROR_OUTPUT_LEN); |