diff options
author | Kevin Jacobs <kjacobs@mozilla.com> | 2019-10-24 16:47:28 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-10-24 16:47:28 +0200 |
commit | c525bb791873ecdcce59c0da4ceafc8f5f557b2f (patch) | |
tree | f35f574e4213bd9a0cfaafbc8c283d7653ac063d /security/nss/lib/freebl/ctr.c | |
parent | edfba06ce39f155f9394381d4f445a0c986bac77 (diff) | |
download | UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.tar UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.tar.gz UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.tar.lz UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.tar.xz UXP-c525bb791873ecdcce59c0da4ceafc8f5f557b2f.zip |
Add length checks for cryptographic primitives
This rollup patch adds additional length checks around cryptographic
primitives.
Diffstat (limited to 'security/nss/lib/freebl/ctr.c')
-rw-r--r-- | security/nss/lib/freebl/ctr.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/security/nss/lib/freebl/ctr.c b/security/nss/lib/freebl/ctr.c index d7652c060..4d26a5b06 100644 --- a/security/nss/lib/freebl/ctr.c +++ b/security/nss/lib/freebl/ctr.c @@ -128,6 +128,12 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, unsigned int tmp; SECStatus rv; + // Limit block count to 2^counterBits - 2 + if (ctr->counterBits < (sizeof(unsigned int) * 8) && + inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } if (maxout < inlen) { *outlen = inlen; PORT_SetError(SEC_ERROR_OUTPUT_LEN); @@ -199,6 +205,12 @@ CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf, unsigned int tmp; SECStatus rv; + // Limit block count to 2^counterBits - 2 + if (ctr->counterBits < (sizeof(unsigned int) * 8) && + inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } if (maxout < inlen) { *outlen = inlen; PORT_SetError(SEC_ERROR_OUTPUT_LEN); |