diff options
author | Nick ODell <nickodell@gmail.com> | 2013-08-02 13:21:02 -0600 |
---|---|---|
committer | Nick ODell <nickodell@gmail.com> | 2013-08-02 13:40:56 -0600 |
commit | 8d1f7753f679b12a8e57f8b5c4b529bb627ba6c5 (patch) | |
tree | 11289443c855d76ed1e80360a8db241e48e17164 | |
parent | eba7fdb9ba0dc76a06098c03a80fb218b2c53cc3 (diff) |
Fix bug where memcpy could overrun buffer
-rw-r--r-- | core/net_crypto.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/core/net_crypto.c b/core/net_crypto.c index 31fb24be..3233d875 100644 --- a/core/net_crypto.c +++ b/core/net_crypto.c | |||
@@ -69,8 +69,8 @@ int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce, | |||
69 | if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0) | 69 | if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0) |
70 | return -1; | 70 | return -1; |
71 | 71 | ||
72 | uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0}; | 72 | uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0}; |
73 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES]; | 73 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES]; |
74 | 74 | ||
75 | memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */ | 75 | memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */ |
76 | 76 | ||
@@ -101,8 +101,8 @@ int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce, | |||
101 | if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES) | 101 | if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES) |
102 | return -1; | 102 | return -1; |
103 | 103 | ||
104 | uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES]; | 104 | uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES]; |
105 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0}; | 105 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0}; |
106 | 106 | ||
107 | memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */ | 107 | memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */ |
108 | 108 | ||