mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 16:30:49 +02:00
Add sz check to ChachaAEADDecrypt to prevent potential underflow.
Thanks to Zou Dikai for the report.
This commit is contained in:
+6
-1
@@ -20000,10 +20000,15 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
|
||||
byte tag[POLY1305_AUTH_SZ];
|
||||
byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
|
||||
int ret = 0;
|
||||
int msgLen = (sz - ssl->specs.aead_mac_size);
|
||||
int msgLen = 0;
|
||||
Keys* keys = &ssl->keys;
|
||||
byte* seq = NULL;
|
||||
|
||||
if (sz < ssl->specs.aead_mac_size) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
msgLen = (sz - ssl->specs.aead_mac_size);
|
||||
|
||||
#ifdef CHACHA_AEAD_TEST
|
||||
int i;
|
||||
printf("input before decrypt :\n");
|
||||
|
||||
Reference in New Issue
Block a user