diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2015-05-04 16:39:51 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2015-05-04 17:54:01 +0200 |
commit | cf05e653de569225775d6bf996ffefba9e8e6135 (patch) | |
tree | 49ad5783c213b0a08f4204b1fe9faf8e5ca59fc0 | |
parent | 4b9916136dd8a5189856556fbdf21dc3b0f08a27 (diff) | |
download | libssh-cf05e653de569225775d6bf996ffefba9e8e6135.tar.gz libssh-cf05e653de569225775d6bf996ffefba9e8e6135.tar.xz libssh-cf05e653de569225775d6bf996ffefba9e8e6135.zip |
external: Fix a possible buffer overrun in bcrypt_pbkdf
CID: #1250106
This fixes a 1 byte output overflow for large key length (not reachable
in libssh). Pulled from OpenBSD BCrypt PBKDF implementation.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/external/bcrypt_pbkdf.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/external/bcrypt_pbkdf.c b/src/external/bcrypt_pbkdf.c index 409265cb..27094744 100644 --- a/src/external/bcrypt_pbkdf.c +++ b/src/external/bcrypt_pbkdf.c @@ -112,6 +112,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl uint8_t *countsalt; size_t i, j, amt, stride; uint32_t count; + size_t origkeylen = keylen; SHA512CTX ctx; /* nothing crazy */ @@ -161,9 +162,14 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl * pbkdf2 deviation: ouput the key material non-linearly. */ amt = MIN(amt, keylen); - for (i = 0; i < amt; i++) - key[i * stride + (count - 1)] = out[i]; - keylen -= amt; + for (i = 0; i < amt; i++) { + size_t dest = i * stride + (count - 1); + if (dest >= origkeylen) { + break; + } + key[dest] = out[i]; + } + keylen -= i; } /* zap */ |