Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/crypto/libcrypto/crypto_obfuscate.c | 8 | ||||
-rw-r--r-- | src/util/crypto/nss/nss_obfuscate.c | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/src/util/crypto/libcrypto/crypto_obfuscate.c b/src/util/crypto/libcrypto/crypto_obfuscate.c
index 50ea469c8..85de333ec 100644
--- a/src/util/crypto/libcrypto/crypto_obfuscate.c
+++ b/src/util/crypto/libcrypto/crypto_obfuscate.c
@@ -141,17 +141,21 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
 }
 result_len = ctlen + digestlen;
+ if (result_len < 0 || result_len > UINT16_MAX) {
+ ret = ERANGE;
+ goto done;
+ }
 /* Pack the obfuscation buffer */
 /* The buffer consists of:
 * uint16_t the type of the cipher
- * uint32_t length of the cryptotext in bytes (clen)
+ * uint16_t length of the cryptotext in bytes (clen)
 * uint8_t[klen] key
 * uint8_t[blen] IV
 * uint8_t[clen] cryptotext
 * 4 bytes of "sentinel" denoting end of the buffer
 */
- obufsize = sizeof(uint16_t) + sizeof(uint32_t) +
+ obufsize = sizeof(uint16_t) + sizeof(uint16_t) +
 mech_props->keylen + mech_props->bsize +
 result_len + OBF_BUFFER_SENTINEL_SIZE;
 obfbuf = talloc_array(tmp_ctx, unsigned char, obufsize);
diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c
index fc052ec97..8c6bdc525 100644
--- a/src/util/crypto/nss/nss_obfuscate.c
+++ b/src/util/crypto/nss/nss_obfuscate.c
@@ -325,17 +325,21 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
 goto done;
 }
 result_len = ctlen + digestlen;
+ if (result_len < 0 || result_len > UINT16_MAX) {
+ ret = ERANGE;
+ goto done;
+ }
 /* Pack the obfuscation buffer */
 /* The buffer consists of:
 * uint16_t the type of the cipher
- * uint32_t length of the cryptotext in bytes (clen)
+ * uint16_t length of the cryptotext in bytes (clen)
 * uint8_t[klen] key
 * uint8_t[blen] IV
 * uint8_t[clen] cryptotext
 * 4 bytes of "sentinel" denoting end of the buffer
 */
- obufsize = sizeof(uint16_t) + sizeof(uint32_t) +
+ obufsize = sizeof(uint16_t) + sizeof(uint16_t) +
 mech_props->keylen + mech_props->bsize +
 result_len + OBF_BUFFER_SENTINEL_SIZE;
 obfbuf = talloc_array(tmp_ctx, unsigned char, obufsize);
|
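Review bot: The added range check in sss_password_encrypt runs only after `result_len = ctlen + digestlen` has been evaluated, so its `result_len < 0` arm can only notice a wrap that has already happened. If these are signed ints (their declarations are outside the hunk), that overflow is undefined and the compiler is free to drop the test. Validating the operands first, e.g. `if (ctlen < 0 || digestlen < 0 || ctlen > UINT16_MAX - digestlen) { ret = ERANGE; goto done; }`, keeps the bound without relying on it; the same applies to the identical lines in both the libcrypto and nss hunks. A short comment above the check such as `/* clen is stored as uint16_t in the buffer, so a larger result cannot be encoded */` would tie the limit to the layout documented just below. The code that writes the length field and the matching decode path are not shown here, so it is worth confirming that both use the same 16-bit width and that the reader validates the embedded length against the buffer size.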