chacha20/poly1305: make sure to clear the buffer at correct position
The offset to the memory to clear was incorrect, causing a heap buffer
overflow.

CVE-2016-7054

Thanks to Robert Święcki for reporting this

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b8e4011fb26364e44230946b87ab38cc1c719aae)
levitte authored and mattcaswell committed Nov 10, 2016
1 parent 53c6cbf commit 99d9784
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion crypto/evp/e_chacha20_poly1305.c
Expand Up @@ -299,7 +299,7 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
} else {
if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
memset(out, 0, plen);
memset(out - plen, 0, plen);
return -1;
}
}
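
Review bot: In the tag-mismatch branch, `memset(out - plen, 0, plen);` is only correct if `out` has been advanced by exactly `plen` bytes by the time this line runs, and nothing in the hunk states or enforces that. Consider saving the start of the output buffer in a separate pointer before it is advanced and wiping from that pointer, or at least adding a comment that names the invariant, so a later change to how `out` is moved cannot bring back the out-of-bounds write. The commit touches only crypto/evp/e_chacha20_poly1305.c; a regression test that runs a decryption with a corrupted tag would pin this error path.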