Fix AES padding not removed if % AES_BLOCKSIZE.
Don't memcpy beyond src buffer size in strcpy implementation. Technically safe, since the buffer overrun was replaced by NUL, but the act itself can trigger memory safety features.
parent
f999e75ebe
commit
6832c05138
@ -395,7 +395,6 @@ uint8_t const *mpw_hash_hmac_sha256(const uint8_t *key, const size_t keySize, co
|
|||||||
return mac;
|
return mac;
|
||||||
}
|
}
|
||||||
|
|
||||||
// We do our best to not fail on odd buf's, eg. non-padded cipher texts.
|
|
||||||
static uint8_t const *mpw_aes(bool encrypt, const uint8_t *key, const size_t keySize, const uint8_t *buf, size_t *bufSize) {
|
static uint8_t const *mpw_aes(bool encrypt, const uint8_t *key, const size_t keySize, const uint8_t *buf, size_t *bufSize) {
|
||||||
|
|
||||||
if (!key || keySize < AES_BLOCKLEN || !bufSize || !*bufSize)
|
if (!key || keySize < AES_BLOCKLEN || !bufSize || !*bufSize)
|
||||||
@ -431,7 +430,7 @@ static uint8_t const *mpw_aes(bool encrypt, const uint8_t *key, const size_t key
|
|||||||
// Truncate PKCS#7 padding
|
// Truncate PKCS#7 padding
|
||||||
if (encrypt)
|
if (encrypt)
|
||||||
*bufSize = aesSize;
|
*bufSize = aesSize;
|
||||||
else if (*bufSize % AES_BLOCKLEN == 0 && resultBuf[aesSize - 1] < AES_BLOCKLEN)
|
else if (resultBuf[aesSize - 1] <= AES_BLOCKLEN)
|
||||||
*bufSize -= resultBuf[aesSize - 1];
|
*bufSize -= resultBuf[aesSize - 1];
|
||||||
|
|
||||||
return resultBuf;
|
return resultBuf;
|
||||||
@ -596,7 +595,7 @@ const uint8_t *mpw_unhex(const char *hex) {
|
|||||||
mpw_free( &buf, bytes );
|
mpw_free( &buf, bytes );
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -654,8 +653,9 @@ char *mpw_strndup(const char *src, const size_t max) {
|
|||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
for (; len < max && src[len] != '\0'; ++len);
|
for (; len < max && src[len] != '\0'; ++len);
|
||||||
|
|
||||||
char *dst = mpw_memdup( src, len + 1 );
|
char *dst = calloc( len + 1, sizeof( char ) );
|
||||||
dst[len] = '\0';
|
if (dst)
|
||||||
|
memcpy( dst, src, len );
|
||||||
|
|
||||||
return dst;
|
return dst;
|
||||||
}
|
}
|
||||||
|
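Review bot: In the PKCS#7 truncation in mpw_aes, the new guard `resultBuf[aesSize - 1] <= AES_BLOCKLEN` bounds the pad byte only against the block size, and with the `*bufSize % AES_BLOCKLEN == 0` test removed nothing visible relates it to `*bufSize`. The pad byte is read from decrypted data, so if `*bufSize` can be smaller than it (the computation of `aesSize` is outside the hunk, so this is inferred), `*bufSize -= resultBuf[aesSize - 1]` wraps the `size_t` and callers receive an oversized length for the result buffer. A pad value of 0 also passes the check although it is not valid PKCS#7. I would read the byte once and bound it on both sides, e.g. `uint8_t pad = resultBuf[aesSize - 1];` followed by `else if (pad >= 1 && pad <= AES_BLOCKLEN && pad <= *bufSize) *bufSize -= pad;`, and add a comment saying which length (`*bufSize` or `aesSize`) the padding is relative to when the input is not a block multiple. The body of mpw_aes starts and ends outside the hunks shown.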