Bugfix: check plaintext length before unpadding correctly.

Had been checking an uninitialized length field if it is an exact multiple of the block length.

Bugfix: check plaintext length before unpadding correctly.
Had been checking an uninitialized length field if it is an exact multiple of the block length.
44df0ec9 · Geoff Simmons · 18cc8bd7 · 44df0ec9
Commit 44df0ec9 authored May 12, 2017 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 4 deletions

vmod_gcrypt.c src/vmod_gcrypt.c +11 -4

No files found.
--- a/src/vmod_gcrypt.c
+++ b/src/vmod_gcrypt.c
@@ -518,10 +518,17 @@ vmod_symmetric_decrypt(VRT_CTX, struct vmod_gcrypt_symmetric *symmetric,
 		WS_Reset(ctx->ws, snap);
 		return NULL;
 	}
-	if (symmetric->padding == NONE)
+	plaintext->len = ciphertext->len;
-		plaintext->len = ciphertext->len;
+	if (symmetric->padding != NONE) {
-	else {
+		if (plaintext->len % symmetric->blocklen != 0) {
-		assert(plaintext->len % symmetric->blocklen == 0);
+			VERR(ctx, "in %s.decrypt(): padding is required, but "
+			     "plaintext length %d is not a multiple of block "
+			     "length %d", symmetric->vcl_name, plaintext->len,
+			     symmetric->blocklen);
+			WS_Release(ctx->ws, 0);
+			WS_Reset(ctx->ws, snap);
+			return NULL;
+		}
 		plaintext->len =
 			(unpadlenf[symmetric->padding])(plaintext->priv,
 							ciphertext->len,