author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-18 21:06:08 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-18 21:08:46 +0100 |
commit | 3fa0b84824873cfcad51b4ec6ea604f21620802b (patch) | |
tree | cd49adaee049b7fff2f57753cef3bd2e2090895a | |
parent | bfca35f65728de720dee712d446638a00b459aad (diff) | |
download | fastd-3fa0b84824873cfcad51b4ec6ea604f21620802b.tar fastd-3fa0b84824873cfcad51b4ec6ea604f21620802b.zip |
generic-gmac: don't access invalid pointer for the reorder check with null cipher
-rw-r--r-- | src/methods/generic_gmac/generic_gmac.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c
index 2a44858..4b4109e 100644
--- a/src/methods/generic_gmac/generic_gmac.c
+++ b/src/methods/generic_gmac/generic_gmac.c
@@ -262,22 +262,24 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
  if (!method_session_is_valid(ctx, session))
  return false;
 
- if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
+ const uint8_t *common_nonce = in.data;
+
+ if (common_nonce[COMMON_NONCEBYTES]) /* flags */
  return false;
 
  int64_t age;
- if (!fastd_method_is_nonce_valid(ctx, &session->common, in.data, &age))
+ if (!fastd_method_is_nonce_valid(ctx, &session->common, common_nonce, &age))
  return false;
 
  uint8_t gmac_nonce[session->gmac_ivlen];
  memset(gmac_nonce, 0, session->gmac_ivlen);
- memcpy(gmac_nonce, in.data, COMMON_NONCEBYTES);
+ memcpy(gmac_nonce, common_nonce, COMMON_NONCEBYTES);
  gmac_nonce[session->gmac_ivlen-1] = 1;
 
  uint8_t nonce[session->ivlen];
  if (session->ivlen) {
  memset(nonce, 0, session->ivlen);
- memcpy(nonce, in.data, COMMON_NONCEBYTES);
+ memcpy(nonce, common_nonce, COMMON_NONCEBYTES);
  nonce[session->ivlen-1] = 1;
  }
 
@@ -311,15 +313,15 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
  return false;
  }
 
- fastd_buffer_free(in);
-
  fastd_buffer_push_head(ctx, out, sizeof(fastd_block128_t));
 
- if (!fastd_method_reorder_check(ctx, peer, &session->common, nonce, age)) {
+ if (!fastd_method_reorder_check(ctx, peer, &session->common, common_nonce, age)) {
  fastd_buffer_free(*out);
  *out = fastd_buffer_alloc(ctx, 0, 0, 0);
  }
 
+ fastd_buffer_free(in);
+
  return true;
  }
 
|
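Review bot: `uint8_t nonce[session->ivlen];` is still declared unconditionally in the first hunk, so when ivlen is 0 (the null-cipher case that the `if (session->ivlen)` guard and the commit title point to) it is a zero-length variable-length array. The C standard leaves that undefined, even though the array is no longer handed to the reorder check. Sizing it as `uint8_t nonce[session->ivlen ? session->ivlen : 1];` keeps the declaration defined without touching the guarded initialisation, provided no later code takes `sizeof nonce`. method_decrypt begins above and continues below the hunk, so any length check on `in` before `common_nonce[COMMON_NONCEBYTES]` is read is not visible here.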
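Review bot: The moved `fastd_buffer_free(in);` in the second hunk has no comment saying why it must now follow the reorder check. `common_nonce` is set from `in.data` in the first hunk, so it presumably stops being valid once `in` is released. A one-line comment above the free, for example `/* common_nonce points into in; free only after its last use */`, would keep a later cleanup from moving the free back up and turning the check into a read of freed memory. Whether `in` is released on the `return false` path that ends just above this hunk cannot be seen from here and is worth confirming against the caller.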