diff options
author | zoff99 <zoff@zoff.cc> | 2018-11-01 19:09:06 +0100 |
---|---|---|
committer | iphydf <iphydf@users.noreply.github.com> | 2019-01-03 11:13:27 +0000 |
commit | 78bc9e7403cb812103722384402006b33bc53e79 (patch) | |
tree | d2928c30e6583abc97426c24a72019ba3d325cb9 /toxcore | |
parent | 72ef08597ece599f14165722191b5650ce5dcb3f (diff) |
Added test and patch for VLA stack overflow vuln.
Also added and used the new crypto_malloc and crypto_free.
The latter also zeroes out the memory safely. The former only exists for
symmetry (static analysis can detect asymmetric usages).
Diffstat (limited to 'toxcore')
-rw-r--r-- | toxcore/crypto_core.c | 52 |
1 files changed, 48 insertions, 4 deletions
diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c index 1fd62866..0e53100a 100644 --- a/toxcore/crypto_core.c +++ b/toxcore/crypto_core.c | |||
@@ -30,6 +30,7 @@ | |||
30 | #include "ccompat.h" | 30 | #include "ccompat.h" |
31 | #include "crypto_core.h" | 31 | #include "crypto_core.h" |
32 | 32 | ||
33 | #include <stdlib.h> | ||
33 | #include <string.h> | 34 | #include <string.h> |
34 | 35 | ||
35 | #ifndef VANILLA_NACL | 36 | #ifndef VANILLA_NACL |
@@ -82,6 +83,20 @@ | |||
82 | #error "CRYPTO_PUBLIC_KEY_SIZE is required to be 32 bytes for public_key_cmp to work," | 83 | #error "CRYPTO_PUBLIC_KEY_SIZE is required to be 32 bytes for public_key_cmp to work," |
83 | #endif | 84 | #endif |
84 | 85 | ||
86 | static uint8_t *crypto_malloc(size_t bytes) | ||
87 | { | ||
88 | return (uint8_t *)malloc(bytes); | ||
89 | } | ||
90 | |||
91 | static void crypto_free(uint8_t *ptr, size_t bytes) | ||
92 | { | ||
93 | if (ptr != nullptr) { | ||
94 | crypto_memzero(ptr, bytes); | ||
95 | } | ||
96 | |||
97 | free(ptr); | ||
98 | } | ||
99 | |||
85 | int32_t public_key_cmp(const uint8_t *pk1, const uint8_t *pk2) | 100 | int32_t public_key_cmp(const uint8_t *pk1, const uint8_t *pk2) |
86 | { | 101 | { |
87 | return crypto_verify_32(pk1, pk2); | 102 | return crypto_verify_32(pk1, pk2); |
@@ -142,8 +157,17 @@ int32_t encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, | |||
142 | return -1; | 157 | return -1; |
143 | } | 158 | } |
144 | 159 | ||
145 | VLA(uint8_t, temp_plain, length + crypto_box_ZEROBYTES); | 160 | const size_t size_temp_plain = length + crypto_box_ZEROBYTES; |
146 | VLA(uint8_t, temp_encrypted, length + crypto_box_MACBYTES + crypto_box_BOXZEROBYTES); | 161 | const size_t size_temp_encrypted = length + crypto_box_MACBYTES + crypto_box_BOXZEROBYTES; |
162 | |||
163 | uint8_t *temp_plain = crypto_malloc(size_temp_plain); | ||
164 | uint8_t *temp_encrypted = crypto_malloc(size_temp_encrypted); | ||
165 | |||
166 | if (temp_plain == nullptr || temp_encrypted == nullptr) { | ||
167 | crypto_free(temp_plain, size_temp_plain); | ||
168 | crypto_free(temp_encrypted, size_temp_encrypted); | ||
169 | return -1; | ||
170 | } | ||
147 | 171 | ||
148 | memset(temp_plain, 0, crypto_box_ZEROBYTES); | 172 | memset(temp_plain, 0, crypto_box_ZEROBYTES); |
149 | // Pad the message with 32 0 bytes. | 173 | // Pad the message with 32 0 bytes. |
@@ -151,11 +175,17 @@ int32_t encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, | |||
151 | 175 | ||
152 | if (crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, | 176 | if (crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, |
153 | secret_key) != 0) { | 177 | secret_key) != 0) { |
178 | crypto_free(temp_plain, size_temp_plain); | ||
179 | crypto_free(temp_encrypted, size_temp_encrypted); | ||
154 | return -1; | 180 | return -1; |
155 | } | 181 | } |
156 | 182 | ||
157 | // Unpad the encrypted message. | 183 | // Unpad the encrypted message. |
158 | memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length + crypto_box_MACBYTES); | 184 | memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length + crypto_box_MACBYTES); |
185 | |||
186 | crypto_free(temp_plain, size_temp_plain); | ||
187 | crypto_free(temp_encrypted, size_temp_encrypted); | ||
188 | |||
159 | return length + crypto_box_MACBYTES; | 189 | return length + crypto_box_MACBYTES; |
160 | } | 190 | } |
161 | 191 | ||
@@ -166,8 +196,17 @@ int32_t decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, | |||
166 | return -1; | 196 | return -1; |
167 | } | 197 | } |
168 | 198 | ||
169 | VLA(uint8_t, temp_plain, length + crypto_box_ZEROBYTES); | 199 | const size_t size_temp_plain = length + crypto_box_ZEROBYTES; |
170 | VLA(uint8_t, temp_encrypted, length + crypto_box_BOXZEROBYTES); | 200 | const size_t size_temp_encrypted = length + crypto_box_BOXZEROBYTES; |
201 | |||
202 | uint8_t *temp_plain = crypto_malloc(size_temp_plain); | ||
203 | uint8_t *temp_encrypted = crypto_malloc(size_temp_encrypted); | ||
204 | |||
205 | if (temp_plain == nullptr || temp_encrypted == nullptr) { | ||
206 | crypto_free(temp_plain, size_temp_plain); | ||
207 | crypto_free(temp_encrypted, size_temp_encrypted); | ||
208 | return -1; | ||
209 | } | ||
171 | 210 | ||
172 | memset(temp_encrypted, 0, crypto_box_BOXZEROBYTES); | 211 | memset(temp_encrypted, 0, crypto_box_BOXZEROBYTES); |
173 | // Pad the message with 16 0 bytes. | 212 | // Pad the message with 16 0 bytes. |
@@ -175,10 +214,15 @@ int32_t decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, | |||
175 | 214 | ||
176 | if (crypto_box_open_afternm(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES, nonce, | 215 | if (crypto_box_open_afternm(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES, nonce, |
177 | secret_key) != 0) { | 216 | secret_key) != 0) { |
217 | crypto_free(temp_plain, size_temp_plain); | ||
218 | crypto_free(temp_encrypted, size_temp_encrypted); | ||
178 | return -1; | 219 | return -1; |
179 | } | 220 | } |
180 | 221 | ||
181 | memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_MACBYTES); | 222 | memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_MACBYTES); |
223 | |||
224 | crypto_free(temp_plain, size_temp_plain); | ||
225 | crypto_free(temp_encrypted, size_temp_encrypted); | ||
182 | return length - crypto_box_MACBYTES; | 226 | return length - crypto_box_MACBYTES; |
183 | } | 227 | } |
184 | 228 | ||