Fix buffer overrun in gettag for GCM
d3d7bdf82152Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Fix buffer overrun in gettag for GCM

* cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied
  number.

The outbuflen is used to check the minimum size, the real tag is always
of fixed length.

Actually this is not a buffer overrun because we copy not more than
has been allocated for OUTBUF. However a too long OUTBUFLEN accesses
data outside of the source buffer. -wk

Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Details

Provenance

Lekensteyn	Authored on Mar 23 2016, 3:45 AM
• werner	Committed on Mar 23 2016, 11:02 AM

Parents

rCd328095dd4de: tests: Add options --fips to keygen for manual tests.

Branches

Unknown

Tags

Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rCd3d7bdf82152: Fix buffer overrun in gettag for GCM (authored by Peter Wu <peter@lekensteyn.nl>).Mar 23 2016, 11:02 AM

Changes (1)

Path

Size

cipher/

cipher-gcm.c

rCd3d7bdf82152

View Options

Fix buffer overrun in gettag for GCMd3d7bdf82152UnpublishedActions