[PATCH 1/2] Fix buffer overrun in gettag for GCM
Peter Wu
peter at lekensteyn.nl
Wed Mar 23 03:45:20 CET 2016
* cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied
number.
--
The outbuflen is used to check the minimum size, the real tag is always
of fixed length.
Signed-off-by: Peter Wu <peter at lekensteyn.nl>
---
cipher/cipher-gcm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
index d390ef8..cb81ea9 100644
--- a/cipher/cipher-gcm.c
+++ b/cipher/cipher-gcm.c
@@ -803,12 +803,12 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c,
if (!check)
{
- memcpy (outbuf, c->u_mode.gcm.u_tag.tag, outbuflen);
+ memcpy (outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN);
return GPG_ERR_NO_ERROR;
}
else
{
- return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, outbuflen) ?
+ return buf_eq_const(outbuf, c->u_mode.gcm.u_tag.tag, GCRY_GCM_BLOCK_LEN) ?
GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM;
}
--
2.7.4
More information about the Gcrypt-devel
mailing list