(Bug) Buffer overrun in gcry_cipher_gettag
Peter Wu
peter at lekensteyn.nl
Tue Mar 22 11:08:44 CET 2016
Hi,
While working on a Lua binding to libgcrypt[1], I found that some
implementations of the gcry_cipher_gettag routine do not properly
validate their tag length.
Originally found in GCM, it seems that OCB and Poly1305 are also
affected. Their code look like this:
_gcry_cipher_ocb_get_tag (gcry_cipher_hd_t c,
unsigned char *outtag, size_t outtagsize)
{
if (c->u_mode.ocb.taglen > outtagsize)
return GPG_ERR_BUFFER_TOO_SHORT;
...
memcpy (outtag, c->u_mode.ocb.tag, c->u_mode.ocb.taglen);
...
}
That is, a lower bound is checked, but the upper bound is not. Result:
memcpy (or memcmp) outside their buffers.
Unaffected modes are:
- CCM: returns GCRY_ERR_INV_LENGTH
- CMAC: returns GCRY_ERR_INV_ARG
--
Kind regards,
Peter Wu
https://lekensteyn.nl
[1]: https://github.com/Lekensteyn/luagcrypt
More information about the Gcrypt-devel
mailing list