diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-17 18:10:23 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-17 18:10:23 +0000 |
| commit | 1f523dc9b34f3f6e2ca73d52e1c060368a268c2a (patch) | |
| tree | c5afbcbedf68420a9dea79b9d995bcbe494def39 /crypto | |
| parent | c3da25020001e7b0ece441ab5fe403949d6789b1 (diff) | |
| download | chromium_src-1f523dc9b34f3f6e2ca73d52e1c060368a268c2a.zip chromium_src-1f523dc9b34f3f6e2ca73d52e1c060368a268c2a.tar.gz chromium_src-1f523dc9b34f3f6e2ca73d52e1c060368a268c2a.tar.bz2 | |
net: fix buffer overflow in GHASH.
Thanks to Joel Sing for noticing.
BUG=none
R=rtenneti@chromium.org
Review URL: https://codereview.chromium.org/19619003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@212090 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/ghash.cc | 2 | ||||
| -rw-r--r-- | crypto/ghash_unittest.cc | 30 |
2 files changed, 20 insertions, 12 deletions
diff --git a/crypto/ghash.cc b/crypto/ghash.cc index 939dd0b..5b28c44 100644 --- a/crypto/ghash.cc +++ b/crypto/ghash.cc @@ -229,7 +229,7 @@ void GaloisHash::UpdateBlocks(const uint8* bytes, size_t num_blocks) { void GaloisHash::Update(const uint8* data, size_t length) { if (buf_used_ > 0) { - const size_t n = std::min(length, buf_used_); + const size_t n = std::min(length, sizeof(buf_) - buf_used_); memcpy(&buf_[buf_used_], data, n); buf_used_ += n; length -= n; diff --git a/crypto/ghash_unittest.cc b/crypto/ghash_unittest.cc index c491f76..459e177 100644 --- a/crypto/ghash_unittest.cc +++ b/crypto/ghash_unittest.cc @@ -117,19 +117,27 @@ TEST(GaloisHash, TestCases) { } } -TEST(GaloisHash, TestCasesByteAtATime) { +TEST(GaloisHash, VaryLengths) { uint8 out[16]; - for (size_t i = 0; i < arraysize(kTestCases); ++i) { - const TestCase& test = kTestCases[i]; - - GaloisHash hash(test.key); - for (size_t i = 0; i < test.additional_length; ++i) - hash.UpdateAdditional(test.additional + i, 1); - for (size_t i = 0; i < test.ciphertext_length; ++i) - hash.UpdateCiphertext(test.ciphertext + i, 1); - hash.Finish(out, sizeof(out)); - EXPECT_TRUE(0 == memcmp(out, test.expected, 16)); + for (size_t chunk_size = 1; chunk_size < 16; chunk_size++) { + for (size_t i = 0; i < arraysize(kTestCases); ++i) { + const TestCase& test = kTestCases[i]; + + GaloisHash hash(test.key); + for (size_t i = 0; i < test.additional_length;) { + size_t n = std::min(test.additional_length - i, chunk_size); + hash.UpdateAdditional(test.additional + i, n); + i += n; + } + for (size_t i = 0; i < test.ciphertext_length;) { + size_t n = std::min(test.ciphertext_length - i, chunk_size); + hash.UpdateCiphertext(test.ciphertext + i, n); + i += n; + } + hash.Finish(out, sizeof(out)); + EXPECT_TRUE(0 == memcmp(out, test.expected, 16)); + } } } |