(Bug) Buffer overrun in gcry_cipher_gettag

Werner Koch wk at gnupg.org
Tue Mar 22 14:16:06 CET 2016

On Tue, 22 Mar 2016 11:08, peter at lekensteyn.nl said:

> implementations of the gcry_cipher_gettag routine do not properly
> validate their tag length.

Please explain.

>     _gcry_cipher_ocb_get_tag (gcry_cipher_hd_t c,
>                               unsigned char *outtag, size_t outtagsize)
>     {
>       if (c->u_mode.ocb.taglen > outtagsize)
>         return GPG_ERR_BUFFER_TOO_SHORT;
>     ...
>       memcpy (outtag, c->u_mode.ocb.tag, c->u_mode.ocb.taglen);

The comment above that function states:

/* Copy the already computed tag to OUTTAG.  OUTTAGSIZE is the
   allocated size of OUTTAG; the function returns an error if that is
   too short to hold the tag.  */

Thus I can't see why there would be a buffer overrun:  OUTTAG has been
allocated by the caller with a size of OUTTAGSIZE.  We check that the
tag we want to copy to OUTBUF is less than or equal to the buffer allocated
for OUTTAG.  And then we do the memcpy.  Where do you see the problem or
what did I miss?

Thoughts are free.  Exceptions are governed by a federal law.
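As an added, stand-alone illustration of the guarded copy discussed in this message (this is not code from the thread or from libgcrypt; the demo_ names, the error values and the tag bytes are assumptions made for the example), the following C model reproduces the shape of the check before the memcpy and exercises the three cases a caller can hit: a buffer shorter than the tag, an exact fit, and a buffer larger than the tag. The third case shows the caveat a caller should keep in mind: the function writes only taglen bytes and does not report that length, so the caller must already know it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Error codes modelled on libgcrypt's GPG_ERR_BUFFER_TOO_SHORT; the
 * numeric values are assumptions made for this stand-alone example. */
enum { DEMO_OK = 0, DEMO_ERR_BUFFER_TOO_SHORT = 1 };

#define DEMO_MAX_TAGLEN 16

/* Minimal stand-in for the OCB part of a cipher handle: the already
 * computed tag and its length (OCB tags are at most 16 bytes). */
struct demo_ocb_ctx {
    unsigned char tag[DEMO_MAX_TAGLEN];
    size_t taglen;
};

/* Same shape as the get_tag routine quoted in the thread: refuse the copy
 * unless the caller's buffer can hold the whole tag.  OUTTAGSIZE is the
 * caller's allocation size, so the copy is only as safe as that value is
 * truthful; the function cannot verify it. */
int demo_ocb_get_tag(const struct demo_ocb_ctx *c,
                     unsigned char *outtag, size_t outtagsize)
{
    if (c->taglen > outtagsize)
        return DEMO_ERR_BUFFER_TOO_SHORT;
    memcpy(outtag, c->tag, c->taglen);
    return DEMO_OK;
}

/* Fill a context with a constructed, recognisable tag pattern
 * (0xA0, 0xA1, ...).  No real OCB computation happens here. */
void demo_fill_ctx(struct demo_ocb_ctx *c, size_t taglen)
{
    size_t i;
    memset(c, 0, sizeof *c);
    if (taglen > DEMO_MAX_TAGLEN) taglen = DEMO_MAX_TAGLEN;
    c->taglen = taglen;
    for (i = 0; i < taglen; i++) c->tag[i] = (unsigned char)(0xA0 + i);
}

/* Case 1: 16-byte tag, 8-byte buffer.  Returns 1 if the call was refused
 * and the caller's buffer (pre-filled with 0xCC) was left untouched. */
int demo_short_buffer_is_refused(void)
{
    struct demo_ocb_ctx c;
    unsigned char out[8];
    size_t i;
    demo_fill_ctx(&c, 16);
    memset(out, 0xCC, sizeof out);
    if (demo_ocb_get_tag(&c, out, sizeof out) != DEMO_ERR_BUFFER_TOO_SHORT)
        return 0;
    for (i = 0; i < sizeof out; i++) if (out[i] != 0xCC) return 0;
    return 1;
}

/* Case 2: exact fit.  Returns 1 if all 16 tag bytes were copied. */
int demo_exact_buffer_is_copied(void)
{
    struct demo_ocb_ctx c;
    unsigned char out[16];
    demo_fill_ctx(&c, 16);
    memset(out, 0xCC, sizeof out);
    if (demo_ocb_get_tag(&c, out, sizeof out) != DEMO_OK) return 0;
    return memcmp(out, c.tag, 16) == 0;
}

/* Case 3: 12-byte tag into a 32-byte buffer.  Only taglen bytes are
 * written and the function does not report how many, so the caller must
 * know the tag length itself.  Returns the count of untouched tail bytes. */
size_t demo_oversized_buffer_untouched_tail(void)
{
    struct demo_ocb_ctx c;
    unsigned char out[32];
    size_t i, untouched = 0;
    demo_fill_ctx(&c, 12);
    memset(out, 0xCC, sizeof out);
    if (demo_ocb_get_tag(&c, out, sizeof out) != DEMO_OK) return 0;
    if (memcmp(out, c.tag, 12) != 0) return 0;
    for (i = 12; i < sizeof out; i++) if (out[i] == 0xCC) untouched++;
    return untouched;
}

int main(void)
{
    printf("short buffer refused: %d\n", demo_short_buffer_is_refused());
    printf("exact buffer copied:  %d\n", demo_exact_buffer_is_copied());
    printf("untouched tail bytes: %zu\n", demo_oversized_buffer_untouched_tail());
    return 0;
}
```

Compile with any C99 compiler (e.g. cc -std=c99 -Wall demo.c). The point of case 3 is the one a practitioner should take away alongside Werner's argument: the length check protects the buffer only against a tag longer than the stated allocation; it gives the caller no information about the tag's actual length, which must come from the mode's own configuration.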
