From 18e13778e5bfd4609804f37140613208ea620b23 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 16 Sep 2014 03:47:33 +0200 Subject: Fix undefined behaviour due to zero length VLAs in null+* methods --- src/methods/composed_gmac/composed_gmac.c | 8 ++++---- src/methods/composed_umac/composed_umac.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c index b6506dd..26dd099 100644 --- a/src/methods/composed_gmac/composed_gmac.c +++ b/src/methods/composed_gmac/composed_gmac.c @@ -225,8 +225,8 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state bool ok = session->gmac_cipher->crypt(session->gmac_cipher_state, outblocks, &ZERO_BLOCK, sizeof(fastd_block128_t), gmac_nonce); if (ok) { - uint8_t nonce[session->method->cipher_info->iv_length] __attribute__((aligned(8))); - fastd_method_expand_nonce(nonce, session->common.send_nonce, sizeof(nonce)); + uint8_t nonce[session->method->cipher_info->iv_length ?: 1] __attribute__((aligned(8))); + fastd_method_expand_nonce(nonce, session->common.send_nonce, session->method->cipher_info->iv_length); ok = session->cipher->crypt(session->cipher_state, outblocks+1, inblocks, n_blocks*sizeof(fastd_block128_t), nonce); } @@ -272,8 +272,8 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses if (flags) return false; - uint8_t nonce[session->method->cipher_info->iv_length] __attribute__((aligned(8))); - fastd_method_expand_nonce(nonce, in_nonce, sizeof(nonce)); + uint8_t nonce[session->method->cipher_info->iv_length ?: 1] __attribute__((aligned(8))); + fastd_method_expand_nonce(nonce, in_nonce, session->method->cipher_info->iv_length); uint8_t gmac_nonce[session->method->gmac_cipher_info->iv_length] __attribute__((aligned(8))); fastd_method_expand_nonce(gmac_nonce, in_nonce, sizeof(gmac_nonce)); diff --git a/src/methods/composed_umac/composed_umac.c b/src/methods/composed_umac/composed_umac.c index bca52fb..88e2d51 100644 --- a/src/methods/composed_umac/composed_umac.c +++ b/src/methods/composed_umac/composed_umac.c @@ -192,8 +192,8 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state bool ok = session->umac_cipher->crypt(session->umac_cipher_state, outblocks, &ZERO_BLOCK, sizeof(fastd_block128_t), umac_nonce); if (ok) { - uint8_t nonce[session->method->cipher_info->iv_length] __attribute__((aligned(8))); - fastd_method_expand_nonce(nonce, session->common.send_nonce, sizeof(nonce)); + uint8_t nonce[session->method->cipher_info->iv_length ?: 1] __attribute__((aligned(8))); + fastd_method_expand_nonce(nonce, session->common.send_nonce, session->method->cipher_info->iv_length); ok = session->cipher->crypt(session->cipher_state, outblocks+1, inblocks, n_blocks*sizeof(fastd_block128_t), nonce); } @@ -237,8 +237,8 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses if (flags) return false; - uint8_t nonce[session->method->cipher_info->iv_length] __attribute__((aligned(8))); - fastd_method_expand_nonce(nonce, in_nonce, sizeof(nonce)); + uint8_t nonce[session->method->cipher_info->iv_length ?: 1] __attribute__((aligned(8))); + fastd_method_expand_nonce(nonce, in_nonce, session->method->cipher_info->iv_length); uint8_t umac_nonce[session->method->umac_cipher_info->iv_length] __attribute__((aligned(8))); fastd_method_expand_nonce(umac_nonce, in_nonce, sizeof(umac_nonce)); -- cgit v1.2.3