Bugfix: decrypt VFP writes to the record buffer *before* decryption ...

... if insufficient space is available in the output buffer.

src/vfp_decrypt.c

@@ -181,6 +181,8 @@ decrypt(struct vfp_ctx *ctx, struct ece *ece, enum vfp_status vp)
 	int last, expect_last = 0;
 	unsigned char nonce[NONCE_LEN], *tag;
 	char errmsg[ERRMSG_LEN];
+	uint8_t *out;
+	ptrdiff_t diff;
 
 	CHECK_OBJ_NOTNULL(ece, ECE_MAGIC);
 	CHECK_OBJ_NOTNULL(ece->crypto, ECE_CRYPTO_MAGIC);
@@ -203,11 +205,20 @@ decrypt(struct vfp_ctx *ctx, struct ece *ece, enum vfp_status vp)
 		assert(ciphertext_len <= INT_MAX);
 		tag = stream->next_in + ciphertext_len;
 
+		out = stream->next_out;
+		if (stream->avail_out < ciphertext_len)
+			out = stream->rec_buf;
+		/* Check the libcrypto "partially overlapping" error. */
+		diff = out - stream->next_in;
+		AZ(ciphertext_len > 0
+		   && ((diff > 0 && diff < (ptrdiff_t)ciphertext_len)
+		       || (diff < 0 && (diff > 0 - (ptrdiff_t)ciphertext_len))));
+
 		nonce_xor_seq(crypto, nonce);
 		plaintext_len = decrypt_record(ece->ectx, stream->next_in,
 					       ciphertext_len, tag,
-					       crypto->cek, nonce,
-					       stream->next_out, &last, errmsg);
+					       crypto->cek, nonce, out, &last,
+					       errmsg);
 		seq_inc(crypto);
 
 		if (plaintext_len < 0)
@@ -219,11 +230,8 @@ decrypt(struct vfp_ctx *ctx, struct ece *ece, enum vfp_status vp)
 
 		stream->avail_in -= record_len;
 		stream->next_in  += record_len;
-		if ((unsigned)plaintext_len > stream->avail_out) {
-			assert(vp != VFP_END);
+		if (out == stream->rec_buf) {
 			assert(plaintext_len <= ece->rs);
-			memcpy(stream->rec_buf, stream->next_out,
-			       plaintext_len);
 			stream->rec_next = stream->rec_buf;
 			stream->rec_avail = plaintext_len;
 			return (VFP_OK);